PDA

View Full Version : Dang Command Service crap...need help!!



JPheens
2006-03-28, 07:50
I've spent countless hours trying to fix this crappy thing

My HJT report is....

Logfile of HijackThis v1.99.1
Scan saved at 10:43:59 PM, on 3/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
D:\Applications\Internet\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
D:\Applications\Internet\Norton Internet Security\NISSERV.EXE
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\wmplayer.exe
C:\WINDOWS\System32\svchost.exe
D:\Applications\Internet\Norton Internet Security\SymProxySvc.exe
D:\Applications\Multimedia\iPod\bin\iPodService.exe
D:\Applications\Internet\AIM\aim.exe
D:\Applications\Multimedia\iTunes\iTunes.exe
D:\Applications\Internet\Mozilla Firefox\firefox.exe
D:\Applications\Internet\Mozilla Thunderbird\thunderbird.exe
D:\Applications\Internet\Spybot\Spybot - Search & Destroy\SpybotSD.exe
D:\Applications\Internet\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.metacrawler.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yvakt Class - {DAAC59E5-093D-4D24-A105-55BFE4ACDE14} - C:\WINDOWS\system32\w9seq.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Applications\Internet\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SpybotSnD] "D:\Applications\Internet\Spybot\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [YeppStudioAgent] D:\Applications\Multimedia\Samsung Media Studio\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Applications\Multimedia\Quicktime 7 Pro\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [SpybotSnD] "D:\Applications\Internet\Spybot\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [RegistryFix.exe] D:\Applications\Internet\Registry Fix\registryfix.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] D:\Applications\Internet\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Applications\Publishing\Adobe Reader\Reader\reader_sl.exe
O4 - Global Startup: wmplayer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\APPLIC~1\PUBLIS~1\MSOFFI~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Applications\Internet\Java Enviroment\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Applications\Internet\Java Enviroment\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\APPLIC~1\PUBLIS~1\MSOFFI~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Applications\Internet\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135744483936
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O18 - Filter: text/html - {CEA53356-C414-4331-A35E-AA4CE9D8DFA2} - C:\WINDOWS\system32\w9seq.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Applications\Multimedia\iPod\bin\iPodService.exe
O23 - Service: Norton Internet Security Service (NISSERV) - Symantec Corporation - D:\Applications\Internet\Norton Internet Security\NISSERV.EXE
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - D:\Applications\Internet\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Symantec Corporation - D:\Applications\Internet\Norton Internet Security\SymProxySvc.exe

and my S&D report is

Command Service: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService

Command Service: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService

and whenever I try to use any programs like .bat's or the command prompt it says it's being used by another process

LonnyRJones
2006-03-28, 13:10
Welcome to the forum

Please post all your replys to this thread. dp not post in other members threads.

In the windows addremove programs uninstall quicklinks if its listed.

Start hijackthis click config msic tools > open process manager
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\wmplayer.exe
Hilight any file running from start menue programs startup
then kill the proccess, click back ? scan and Place a check next to these items
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yvakt Class - {DAAC59E5-093D-4D24-A105-55BFE4ACDE14} - C:\WINDOWS\system32\w9seq.dll
O4 - Global Startup: wmplayer.exe
O4 - Global Startup (any xxx.exe)
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab (http://cabs.elitemediagroup.net/cabs/mediaview.cab)
O18 - Filter: text/html - {CEA53356-C414-4331-A35E-AA4CE9D8DFA2} - C:\WINDOWS\system32\w9seq.dll
=============
click fix checked, close hijackthis



Make a new folder at this location,
C:\ called "BFU"
Download Brute Force Uninstaller. By Merijn author of Hijackthis.
http://www.merijn.org/files/bfu.zip
Unzip it to it’s own folder (c:\BFU)
Doubleclick on BFU.exe, Click the round green icon (open script URL)
copy then paste in


http://metallica.geekstogo.com/alcanshorty.bfu

Press execute and let it do it’s job.
Wait for the complete script execution box to popup and press OK.
If the script is really executed you should have seen a progress bar.
Press exit to exit the BFU program.
If you have any questions about the use of BFU please read here:
http://metallica.geekstogo.com/BFUinstructions.html

Restart the PC
Run HijackThis and post a fresh log.

JPheens
2006-03-28, 22:20
I should say that when I tried using the BFU thing i didn't see any progress bar it just went right away and said complete right away so I dont know if that means anything but there yah are

HJT report is...

Logfile of HijackThis v1.99.1
Scan saved at 1:17:28 PM, on 3/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
D:\Applications\Internet\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
D:\Applications\Internet\Norton Internet Security\SymProxySvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
D:\Applications\Internet\Norton Internet Security\NISSERV.EXE
C:\WINDOWS\system32\wuauclt.exe
D:\Applications\Multimedia\Samsung Media Studio\SamsungMediaStudioAgent.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Applications\Internet\AIM\aim.exe
D:\Applications\Publishing\Adobe Reader\Reader\reader_sl.exe
D:\Applications\Internet\HijackThis\HijackThis.exe
C:\WINDOWS\System32\svchost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.metacrawler.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Applications\Internet\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SpybotSnD] "D:\Applications\Internet\Spybot\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [YeppStudioAgent] D:\Applications\Multimedia\Samsung Media Studio\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Applications\Multimedia\Quicktime 7 Pro\qttask.exe" -atboottime
O4 - HKCU\..\Run: [RegistryFix.exe] D:\Applications\Internet\Registry Fix\registryfix.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] D:\Applications\Internet\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Applications\Publishing\Adobe Reader\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\APPLIC~1\PUBLIS~1\MSOFFI~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Applications\Internet\Java Enviroment\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Applications\Internet\Java Enviroment\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\APPLIC~1\PUBLIS~1\MSOFFI~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Applications\Internet\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135744483936
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Applications\Multimedia\iPod\bin\iPodService.exe
O23 - Service: Norton Internet Security Service (NISSERV) - Symantec Corporation - D:\Applications\Internet\Norton Internet Security\NISSERV.EXE
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - D:\Applications\Internet\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Symantec Corporation - D:\Applications\Internet\Norton Internet Security\SymProxySvc.exe

LonnyRJones
2006-03-28, 22:41
Looks like that did the trick :)


Hows norton running ? there should be an O4 run or two for it

Surf for a few hours, any problems now ?

JPheens
2006-03-28, 22:49
well My desktop is still showing nothing, Still Can't sign on to basically anything but this website, Norton can't turn on the firewall or email scanning, and whenever i try looking at windows firewall settings it says For an unidentified reason i can't see my settings, as far as i can tell it's still command service.

JPheens
2006-03-29, 03:27
ok now i don't see anything show up on Spy bot or Ad-Aware but, still having desktop, any sort of online sign in, and firewall problems, i guess i don't know if it's command service anymore

JPheens
2006-03-29, 03:29
oh and here's the latest on HJT

Logfile of HijackThis v1.99.1
Scan saved at 6:21:26 PM, on 3/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
D:\Applications\Internet\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
D:\Applications\Internet\Norton Internet Security\SymProxySvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
D:\Applications\Internet\Norton Internet Security\NISSERV.EXE
C:\WINDOWS\System32\svchost.exe
D:\Applications\Internet\Ad-Aware\Ad-Aware SE Personal\Ad-Aware.exe
D:\Applications\Internet\HijackThis\HijackThis.exe
D:\Applications\Internet\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.metacrawler.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Applications\Internet\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SpybotSnD] "D:\Applications\Internet\Spybot\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [YeppStudioAgent] D:\Applications\Multimedia\Samsung Media Studio\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Applications\Multimedia\Quicktime 7 Pro\qttask.exe" -atboottime
O4 - HKCU\..\Run: [RegistryFix.exe] D:\Applications\Internet\Registry Fix\registryfix.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] D:\Applications\Internet\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Applications\Publishing\Adobe Reader\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\APPLIC~1\PUBLIS~1\MSOFFI~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Applications\Internet\Java Enviroment\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Applications\Internet\Java Enviroment\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\APPLIC~1\PUBLIS~1\MSOFFI~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Applications\Internet\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135744483936
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Applications\Multimedia\iPod\bin\iPodService.exe
O23 - Service: Norton Internet Security Service (NISSERV) - Symantec Corporation - D:\Applications\Internet\Norton Internet Security\NISSERV.EXE
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - D:\Applications\Internet\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Symantec Corporation - D:\Applications\Internet\Norton Internet Security\SymProxySvc.exe

LonnyRJones
2006-03-29, 15:59
well My desktop is still showing nothing, Still Can't sign on to basically anything but this website, Norton can't turn on the firewall or email scanning, and whenever i try looking at windows firewall settings it says For an unidentified reason i can't see my settings, as far as i can tell it's still command service.


Describe the desktop problem in more detail
Was the wall paper now or in the past changed without your consent ?
What is the exact error when trying to adjust or look at the windows firewall settings ?

Uninstall all norton programs, reboot install them once again, be sure to update, any problems with Norton now ?

Logon problems with internet explorer, firefox or both ?

Command Service is not the problem, its only a leftover from the infection
However we can remove it>
Please download and unzip Ren-cmdservice to your desktop.
It will only work correctly if the folder is placed on your desktop and extracted.
http://downloads.subratam.org/Lon/ren-cmdservice.zip
Open the ren-cmdservice folder by doubleclicking it and then doubleclick the
ren-cmdservice.bat file to run the program.
A text will open when it is finished, Post it please.
Then restart the PC run SpyBot check for and fix any problems found.
It will not be there the next time you scan..

JPheens
2006-03-30, 01:29
I recently fixed Command service, thank you
The desktop problem - Whenever I try to put a picture as a back round, or for awhile i had google earth desktop(a picture of the earth which is refreshed and follows your time zone), but it is always blue unless there's an icon on the desktop, which there hardly every is and even then it looks a little odd

I will try to uninstall norton in a bit

and yes the logon problems are for both browsers, although I can sign on comcast to get mail, but only through thunderbird

LonnyRJones
2006-03-30, 03:53
Try using a differant theme, meaning change it, apply, OK then change back to what you prefer

JPheens
2006-03-30, 05:04
K that didn't do anything

and when i try to uninstall Norton it says i need to be signed in as a supervisor or something, I've never had to do that, and don't recall making that kind of sign-in when i installed it

LonnyRJones
2006-03-30, 15:52
Administrator ?

If you have to restart the pc into safe mode, sign in as admin then uninstall..
If that fails, symantec offers additional tools to help uninstall if needed
http://basconotw.mvps.org/SymRem.htm

For the desktop problem try this
Launch Notepad (not wordpad), and copy and paste the contents of the code box below into a new text file.(not including the word code)
Save it as file name: "fixme.reg" (not including the quotes). Save as file type: All files (*.*) and save it on your Desktop.


Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Desktop\General]
"WallpaperFileTime"=-
"WallpaperLocalFileTime"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ForceActiveDesktopOn"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"Wallpaper"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoHTMLWallPaper"=-
"NoAddingComponents"=-
"NoChangingWallpaper"=-
"NoComponents"=-
"NoDeletingComponets"=-
"NoEditingComponents"=-


Now double-click on the fixme.reg file you saved and click on the Yes button when it asks if you would like to merge the information. Once you get a successful message delete fixme.reg.

Restart your PC.

tashi
2006-04-05, 19:39
How is it going JPheens.

LonnyRJones
2006-04-25, 01:48
Next time as a courtesy let us know whats going on
http://forums.spybot.info/showthread.php?p=22282#post22282