[Gr8timestocome]

When I clicked Start, All Programs, Accessories, System Tools, System Restore. I get a msg that says sytem restore application encountered a problem.

From SpyBot SD
Command Service: Settings (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService

Command Service: Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\cmdService

HJT Log

Logfile of HijackThis v1.99.1
Scan saved at 9:40:09 AM, on 11/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\FSRremoS.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\PC Tools AntiVirus\PCTAV.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Mark\My Documents\Unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Flash and Media Capture Helper - {E8803722-A7F5-45C5-B39A-A8B244486EC2} - C:\PROGRA~1\COMMON~1\METAPR~1\fmcapt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Flash and Media Capture Bar - {650EB965-8A1D-41C9-A941-0578F5CFC569} - C:\PROGRA~1\COMMON~1\METAPR~1\fmcapt.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R320 Series on MARKS] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE" /P44 "Auto EPSON Stylus Photo R320 Series on MARKS" /O18 "\\MARKS\EPSONSty.2" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Save &image with Flash and Media Capture - res://C:\PROGRA~1\COMMON~1\METAPR~1\FMCapt.dll/saveimg.htm
O8 - Extra context menu item: Save &media files with Flash and Media Capture - res://C:\PROGRA~1\COMMON~1\METAPR~1\FMCapt.dll/savemedia.htm
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Save Media files - {F6F76DF4-FD65-4DE7-942F-4BD5DE9B1C6B} - C:\PROGRA~1\COMMON~1\METAPR~1\fmcapt.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - Unknown owner - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe


Thanks for any suggestions.

Edited by Gr8timestocome, 05 November 2006 - 11:50 AM.

[Advertisements]

Hi there, and welcome to geekstogo. I am sorry for the delay in getting to your post, we are very busy in the malware area.

If you still require assistance, please post a new hijack this log. If you have resolved this issue, please let me know so that I may close this topic.

-Ryan

[Ryan]

Hi there, and welcome to geekstogo. I am sorry for the delay in getting to your post, we are very busy in the malware area.

If you still require assistance, please post a new hijack this log. If you have resolved this issue, please let me know so that I may close this topic.

-Ryan

[Gr8timestocome]

Thanks you very much for getting back to me.

Here is the new hjt log.

Please let me know if I have posted to the area.
Logfile of HijackThis v1.99.1
Scan saved at 9:11:44 AM, on 11/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Streamload\MediaMax XL\StreamloadService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\FSRremoS.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Mark\My Documents\Unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Flash and Media Capture Helper - {E8803722-A7F5-45C5-B39A-A8B244486EC2} - C:\PROGRA~1\COMMON~1\METAPR~1\fmcapt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Flash and Media Capture Bar - {650EB965-8A1D-41C9-A941-0578F5CFC569} - C:\PROGRA~1\COMMON~1\METAPR~1\fmcapt.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R320 Series on MARKS] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE" /P44 "Auto EPSON Stylus Photo R320 Series on MARKS" /O18 "\\MARKS\EPSONSty.2" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Save &image with Flash and Media Capture - res://C:\PROGRA~1\COMMON~1\METAPR~1\FMCapt.dll/saveimg.htm
O8 - Extra context menu item: Save &media files with Flash and Media Capture - res://C:\PROGRA~1\COMMON~1\METAPR~1\FMCapt.dll/savemedia.htm
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Save Media files - {F6F76DF4-FD65-4DE7-942F-4BD5DE9B1C6B} - C:\PROGRA~1\COMMON~1\METAPR~1\fmcapt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload-v5.str...oad/XUpload.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Streamload Service (StreamloadService) - Streamload - C:\Program Files\Streamload\MediaMax XL\StreamloadService.exe

[Ryan]

First download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program

• Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
• Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
• On the main screen select the icon "Update" then select the "Update now" link.
  • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
• Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
• Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
• Under "Reports"
  • Select "Automatically generate report after every scan"
  • Un-Select "Only if threats were found"

Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.

• Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
  IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning proccess:
• Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
• Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
• AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
  Once the scan is complete do the following:
• If you have any infections you will prompted, then select "Apply all actions"
• Next select the "Reports" icon at the top.
• Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
• Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.

-Ryan

[Gr8timestocome]

Thanks again Ryan for your assistance.

I followed your instructions exactly in Safe mode

Selected "Automatically generate report after every scan"
Un-Selected "Only if threats were found

Then clickec Apply all actions"
in Safe mode

Selected the "Reports" icon at the top

But after the scan it said I had no reports

tried the whole process again and had the same result

There were some tracking cookies but It didn't save the report.

Where did I go wrong with this?

I did run Spy bot again and still found

From SpyBot SD
Command Service: Settings (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService

Command Service: Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\cmdService



Mark

Edited by Gr8timestocome, 13 November 2006 - 03:39 PM.

[Ryan]

1. Launch Notepad, and copy/paste the contents of the quote box below into a new Notepad file. Save it with file name options.txt and save as file type: all files to your desktop.

RegSearch Options File

[Search]
cmdService

[Exclude]


[Options]
Filter=KVDLUI

2. Download Registry Search to your desktop.

• Right click on the compressed RegSearch folder, and choose "Extract All". In the box that pops open, click "Next", then "Next" again, and then "Finish". You now have another RegSearch folder on your desktop.
• Open the new folder, and double click on regsearch.exe
• Click "Import" in the lower left corner and browse to the options.txt file that you just saved on your desktop. Do not choose the one in the RegSearch folder itself.
• Click OK and Registry Search will scan your registry for the file(s), and a Notepad box will open with a report.
• Please reply here with the entire contents of the Notepad file from RegSearch.

-Ryan

[Gr8timestocome]

While the program was running the cpu spiked to 100% and task mngr showed that 2 instances of registry search was running and it reported "not responding"
Ran it again same info from task mngr

REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 11/13/2006 9:20:46 PM for strings:
; 'cmdservice'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000]
"Service"="cmdService"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService\Enum]
"0"="Root\\LEGACY_CMDSERVICE\\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_CMDSERVICE]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_CMDSERVICE\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_CMDSERVICE\0000]
"Service"="cmdService"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000]
"Service"="cmdService"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService\Enum]
"0"="Root\\LEGACY_CMDSERVICE\\0000"

[HKEY_USERS\S-1-5-21-2025429265-1409082233-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit]
"LastKey"="My Computer\\HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet002\\Services\\cmdService"

; End Of The Log...

[Gr8timestocome]

Tried it again this time it didn't lock up

REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 11/13/2006 9:29:01 PM for strings:
; 'cmdservice'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000]
"Service"="cmdService"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService\Enum]
"0"="Root\\LEGACY_CMDSERVICE\\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_CMDSERVICE]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_CMDSERVICE\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_CMDSERVICE\0000]
"Service"="cmdService"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000]
"Service"="cmdService"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService\Enum]
"0"="Root\\LEGACY_CMDSERVICE\\0000"

[HKEY_USERS\S-1-5-21-2025429265-1409082233-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit]
"LastKey"="My Computer\\HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet002\\Services\\cmdService"

; End Of The Log...

[Ryan]

Please open Notepad and paste in the contents of the code box below:

sc stop cmdService>>results.txt
sc delete cmdService>>results.txt
notepad results.txt

Save the file to your desktop as "cleanme.bat" (include the quotation marks).

Double click cleanme.bat; a black window will flash open and close quickly - this is normal.

Notepad will open results.txt - please keep this window open, as you will be posting it later.


Please go HERE to run Panda's ActiveScan. You will need to use Internet Explorer to run it.

• Once you are on the Panda site click the Scan your PC button
• A new window will open...click the Check Now button
• Enter your Country
• Enter your State/Province
• Enter your e-mail address and click send
• Select either Home User or Company
• Click the big Scan Now button
• If it wants to install an ActiveX component allow it
• It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
• When download is complete, click on My Computer to start the scan
• When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

Post the contents of the ActiveScan report and results.txt

-Ryan

[Gr8timestocome]

The black window stayed open and notepad said
[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.


[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

[Ryan]

OK, so the service is not installed. Can you please follow the second part of the instructions and do the Panda ActiveScan please.

-Ryan

[Gr8timestocome]

I have been trying to run Panda's ActiveScan but I keep getting

Error on downloading ActiveScanAn error has occurred downloading Panda ActiveScan. Please repeat the process. If the error occurs again, restart your system and try again Possible causes of this error are:

Not allowing the application's ActiveX control to be downloaded.

Problems with the Internet connection.

The error could be due to a download error or an installation error due to lack of hard disk space, privileges etc.,...

I realize is not rlated to the issue I'm having I have tried rebooting but keep getting the same msg.

I never get the msg about allowing acitve x control.
I think that may be the issue. I have gotten the active x msg with other downloads in the past
so I am familar with it. May be a problem with their site??

I'll keep trying to download it .

Thanks for hanging with me on this Ryan.

[Gr8timestocome]

So I've tried and tried to download Panda's ActiveScan and no luck

I have turned off my firewall went into explorer and checked to allow active x, checked for any other reason that my pc would be using any other anti virus software to not allow the download .

On the avg software you had me install the resident shield is inactive

I did download Panda's ActiveScan on my other pc just to be sure that there wasn't any problem at Pandas end and it Installed it with no problem.

Please let me know how you would like me to proceed

Again I greatly appreciate your efforts on this

Mark

[Ryan]

Make sure that any AntiVirus installed on your computer is turned off, as it has been known to conflict at times.

In Internet Explorer, go to Tools > Internet Options.

Click on the Security tab, and click on the button that says Reet all zones to default level (or something similar).

Restart Internet Explorer, and try running the Panda ActiveScan again.

-Ryan

[Gr8timestocome]

I folowed your directions went to the security tab, and reset to the default level .

I also went thru all the security settings and everything is set to enable or prompt.

And after at least 10 tries I still can't down load the test

All anti virus programs are off.


I'm also not getting a prompt for the actve x controls