I know there is a recent topic dealing with this, but I don't understand much about this sort of thing so thought it best to just start a new one. Hope you don't mind.
On the advice of
http://forums.spybot.info/showthread.php?t=288
I have run a Trend Micro Online scan and also Spybot 1.4.
They both find the malware, but neither can remove it.
Below is my hjt log:
Thanks in advance for any advice!
J
=================================

Logfile of HijackThis v1.99.1
Scan saved at 17:54:42, on 15/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\igfxpers.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\system32\zstatus.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\HIJACK~1\HIJACK~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.chm.bris.ac.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://wwwcache.bris.ac.uk/autoconfig
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINNT\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Persistence] C:\WINNT\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=031006 serial=DR12WEX-1512049-WLP lang=EN
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - Startup: Mulberry v3.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.chm.bris.ac.uk
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ads.bris.ac.uk
O17 - HKLM\Software\..\Telephony: DomainName = chm.bris.ac.uk
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB06A701-7DCF-4C21-8E19-3B8F46D31988}: Domain = chm.bris.ac.uk
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB06A701-7DCF-4C21-8E19-3B8F46D31988}: NameServer = 137.222.40.4,137.222.10.39,137.222.10.36
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ads.bris.ac.uk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = chm.bris.ac.uk,ads.bris.ac.uk,bris.ac.uk
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ads.bris.ac.uk
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = chm.bris.ac.uk,ads.bris.ac.uk,bris.ac.uk
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = chm.bris.ac.uk,ads.bris.ac.uk,bris.ac.uk
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxdev.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe

Hi j.a.s.o.n,

Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

R3 - Default URLSearchHook is missing

O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe

Reboot into safe mode (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406) and delete:
C:\Program Files\Common Files\VCClient <= entire folder

Then boot back to normal.

Please download delcmdservice (http://users.telenet.be/marcvn/tools/delcmdservice.zip) (by Marckie), and save it to your Desktop.

Unzip the content to your Desktop (a folder named delcmdservice)
Double-click on the delcmdservice folder
Double-click on delreg.bat to launch the tool
When the tool has finished, please reboot your computer
Once rebooted, please scan with HijackThis! and post the new log, in your next reply

Okay, I followed your instructions. Below is my new log, however I couldn't find the folder you asked me to delete.

J
======================================


Logfile of HijackThis v1.99.1
Scan saved at 09:42:13, on 16/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\igfxpers.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\HIJACK~1\HIJACK~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.chm.bris.ac.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://wwwcache.bris.ac.uk/autoconfig
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINNT\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Persistence] C:\WINNT\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=031006 serial=DR12WEX-1512049-WLP lang=EN
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - Startup: Mulberry v3.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.chm.bris.ac.uk
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ads.bris.ac.uk
O17 - HKLM\Software\..\Telephony: DomainName = chm.bris.ac.uk
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB06A701-7DCF-4C21-8E19-3B8F46D31988}: Domain = chm.bris.ac.uk
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB06A701-7DCF-4C21-8E19-3B8F46D31988}: NameServer = 137.222.40.4,137.222.10.39,137.222.10.36
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ads.bris.ac.uk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = chm.bris.ac.uk,ads.bris.ac.uk,bris.ac.uk
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ads.bris.ac.uk
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = chm.bris.ac.uk,ads.bris.ac.uk,bris.ac.uk
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = chm.bris.ac.uk,ads.bris.ac.uk,bris.ac.uk
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxdev.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe

The log looks good. :bigthumb:
If Spybot should find anything, it should be able to clean it out permanently now.

Let us know.

Regards,

Pieter

I don't think thats worked, as spybot is still coming up with the same thing.
Below is my spybot log.
J
================================================



--- Report generated: 2006-03-21 11:09 ---

Command Service: Settings (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService

Command Service: Settings (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService

Command Service: Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-10-09 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-03-19 Includes\Cookies.sbi (*)
2006-03-19 Includes\Dialer.sbi (*)
2006-03-19 Includes\Hijackers.sbi (*)
2006-03-19 Includes\Keyloggers.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2006-03-19 Includes\Malware.sbi (*)
2006-03-19 Includes\PUPS.sbi (*)
2006-03-19 Includes\Revision.sbi (*)
2006-03-19 Includes\Security.sbi (*)
2006-03-19 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-03-19 Includes\Trojans.sbi (*)

You did run delcmdservice from the desktop as I described ?

Yes, I followed the steps you set out above. When I double clicked on the bat file a command window flashed up briefly. Is this what's supposed to happen?
J

No. I think you should at least be able to read what it's doing.
And a text should open when it is finished.

Can you try again. Do be patient in case it takes a little longer.

okay I've tried it again. The HjT scan doesn't show those things I fixed last time, and the folder you said to delete still isn't there, so I ran the bat file again.
It flashed up a command box and then dissappeared, but I have run the batch file in a command box, and so below is what is says.
I'm not sure if running it in that way will affect how it works, but it seems to me that it is trying to effect a sequence of registry modifications.
I know this is a sensitive area of the computer, but since it isn't working, perhaps I could do it manually using regedit?

J

=======================================

C:\Documents and Settings\chzjrb\Desktop\delcmdservice>Regdacl.exe "HKLM\system\currentcontrolset\enum\root\legacy_CMDSERVICE" /SGU:F(CI)

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Can't open Registry key HKLM\system\currentcontrolset\enum\root\legacy_CMDSERVICE:

2 - The system cannot find the file specified.

C:\Documents and Settings\chzjrb\Desktop\delcmdservice>Regdacl.exe "HKLM\system\ControlSet001\enum\root\legacy_CMDSERVICE" /SGU:F(CI)

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Can't open Registry key HKLM\system\ControlSet001\enum\root\legacy_CMDSERVICE:

2 - The system cannot find the file specified.

C:\Documents and Settings\chzjrb\Desktop\delcmdservice>Regdacl.exe "HKLM\system\ControlSet002\enum\root\legacy_CMDSERVICE" /SGU:F(CI)

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Can't open Registry key HKLM\system\ControlSet002\enum\root\legacy_CMDSERVICE:

2 - The system cannot find the file specified.

C:\Documents and Settings\chzjrb\Desktop\delcmdservice>Regdacl.exe "HKLM\system\ControlSet003\enum\root\legacy_CMDSERVICE" /SGU:F(CI)

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Can't open Registry key HKLM\system\ControlSet003\enum\root\legacy_CMDSERVICE:

2 - The system cannot find the file specified.

C:\Documents and Settings\chzjrb\Desktop\delcmdservice>Regdacl.exe "HKLM\SYSTEM\currentcontrolset\Services\cmdService" /SGU:F(CI)

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Can't open Registry key HKLM\SYSTEM\currentcontrolset\Services\cmdService:

2 - The system cannot find the file specified.

C:\Documents and Settings\chzjrb\Desktop\delcmdservice>Regdacl.exe "HKLM\SYSTEM\ControlSet001\Services\cmdService" /SGU:F(CI)

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Can't open Registry key HKLM\SYSTEM\ControlSet001\Services\cmdService:

2 - The system cannot find the file specified.

C:\Documents and Settings\chzjrb\Desktop\delcmdservice>Regdacl.exe "HKLM\SYSTEM\ControlSet002\Services\cmdService" /SGU:F(CI)

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Can't open Registry key HKLM\SYSTEM\ControlSet002\Services\cmdService:

2 - The system cannot find the file specified.

C:\Documents and Settings\chzjrb\Desktop\delcmdservice>Regdacl.exe "HKLM\SYSTEM\ControlSet003\Services\cmdService" /SGU:F(CI)

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Can't open Registry key HKLM\SYSTEM\ControlSet003\Services\cmdService:

2 - The system cannot find the file specified.

C:\Documents and Settings\chzjrb\Desktop\delcmdservice>swreg DELETE "HKLM\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_CMDSERVICE"

Error: Key: system\currentcontrolset\enum\root\legacy_cmdservice does not exist!


C:\Documents and Settings\chzjrb\Desktop\delcmdservice>swreg DELETE "HKLM\SYSTEM\ControlSet001\ENUM\ROOT\LEGACY_CMDSERVICE"

Error: Key: system\controlset001\enum\root\legacy_cmdservice does not exist!


C:\Documents and Settings\chzjrb\Desktop\delcmdservice>swreg DELETE "HKLM\SYSTEM\ControlSet002\ENUM\ROOT\LEGACY_CMDSERVICE"

Error: Key: system\controlset002\enum\root\legacy_cmdservice does not exist!


C:\Documents and Settings\chzjrb\Desktop\delcmdservice>swreg DELETE "HKLM\SYSTEM\ControlSet003\ENUM\ROOT\LEGACY_CMDSERVICE"

Error: Key: system\controlset003\enum\root\legacy_cmdservice does not exist!


C:\Documents and Settings\chzjrb\Desktop\delcmdservice>swreg DELETE "HKLM\SYSTEM\currentcontrolset\Services\cmdService"

Error: Key: system\currentcontrolset\services\cmdservice does not exist!


C:\Documents and Settings\chzjrb\Desktop\delcmdservice>swreg DELETE "HKLM\SYSTEM\ControlSet001\Services\cmdService"

Error: Key: system\controlset001\services\cmdservice does not exist!


C:\Documents and Settings\chzjrb\Desktop\delcmdservice>swreg DELETE "HKLM\SYSTEM\ControlSet002\Services\cmdService"

Error: Key: system\controlset002\services\cmdservice does not exist!


C:\Documents and Settings\chzjrb\Desktop\delcmdservice>swreg DELETE "HKLM\SYSTEM\ControlSet003\Services\cmdService"

Error: Key: system\controlset003\services\cmdservice does not exist!

Can you see if the file regdacl.exe is present?

It looks as if that is the one it can't find.

Also try this one:

Please download and unzip Ren-cmdservice to your desktop.
It will only work correctly if the folder is placed on your desktop and extracted.
http://downloads.subratam.org/Lon/ren-cmdservice.zip
Open the ren-cmdservice folder by doubleclicking it and then doubleclick the
ren-cmdservice.bat file to run the program.
A text will open when it is finished, Post it please.
Then restart the PC run SpyBot check for and fix any problems found.

It is. However I am now using the 2006-03-24 definitions and no threats are found. I wonder if something has been changing in the definitions or whether your program fixed the problem, as I definitiely did not knowingly remove it myself with spybot or any other program.

Whichever; I thank you for your time, and patience, in helping me with this.

Regards,
Jason

Oh, I didn't see this on page two..
I have downloaded and run that batch file, and it says the key doesn't exist, so it must have been removed previously, rather than spybot ignoring it now. :confused:
Thanks again.
J

My pleasure. :o

Please read:
http://forums.spybot.info/showthread.php?t=279

Im Glad we could help
Since the problems are solved Im going to close the topic now, this keeps others with similar problems from posting there logs/question here, they should start a new topic.

If you should need to post another log for the same PC let Me or Tashi know.