Yes, I have the same problem as many other people. I had my PC absolutely invaded by adware and spyware, and I got rid of nearly all of it. All that was left (according to Spybot S&D) was the 3 notorious entries from CmdService. Everytime I click on "fix selected problems" It manages to delete one of the, but there are still two that remain alive.
Here is the log from hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 22:08:03, on 07/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ICROSO~1.NET\TI2EVX~1.EXE
C:\WINDOWS\System32\CROSOF~1\cmd.exe
C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\LimeWire\LimeWire.exe
c:\documents and settings\all users\start menu\programs\startup\taskmgr.exe
c:\documents and settings\all users\start menu\programs\startup\msconfig.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\MSNMES~1\msnmsgr.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\hijackthis\HijackThis.exe

O2 - BHO: (no name) - {4AB6A2A1-08BF-42B8-91F5-CC2FAFDB5C1C} - C:\WINDOWS\System32\lexlmpmd.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {96B93635-AD8E-D87B-F83D-FFEA18B07597} - C:\WINDOWS\System32\xebnm.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\testtestt.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Jzznka] C:\PROGRA~1\ICROSO~1.NET\TI2EVX~1.EXE
O4 - HKCU\..\Run: [Atat] "C:\WINDOWS\System32\CROSOF~1\cmd.exe" -vt ndrv
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: msconfig.exe
O4 - Global Startup: RaConfig2500.lnk = C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
O4 - Global Startup: taskmgr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.6.0.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: chkntfs.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Please help as soon as possible!!
:mad:

Welcome to the forum

Set windows to show hiddenfiles/folders and extensions
for XP systems Open any folder, Select the Tools menu and click Folder Options. Select the View Tab.
Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Apply to confirm. Click OK.

1. Please download Ewido Anti-Malware (http://www.ewido.net/en/download/)

Install ewido anti-malware
Launch ewido, there should be an icon on your desktop, double-click it.
The program will now open to the main screen.
Update the program and close it

2. Please download Brute Force Uninstaller (http://www.merijn.org/files/bfu.zip) to your desktop.

Right click the BFU folder on your desktop, and choose Extract All
Click "Next"
In the box to choose where to extract the files to,
Click "Browse"
Click on the + sign next to "My Computer"
Click on "Local Disk (C: ) or whatever your primary drive is
Click "Make New Folder"
Type in BFU
Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".

3. RIGHT-CLICK HERE (http://metallica.geekstogo.com/alcanshorty.bfu) and choose "Save As" (in IE it's "Save Target As")
save as text Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).
If it was saved as alcanshorty.bfu.txt rename to alcanshorty.bfu
Do not do anything with these yet!
Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.
4. Once in Safe Mode, Open Ewido:

Click on scanner
Scanner tab at the top and then click on Complete System Scan This scan can take quite a while to run, so be prepared.
Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the
recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
Close ewido anti-malware.
5. Then, please go to Start > My Computer and navigate to the C:\BFU folder.

Start the Brute Force Uninstaller by doubleclicking BFU.exe
Behind the scriptline to execute field click the folder icon http://metallica.geekstogo.com/foldericon.png and select alcanshorty.bfu
Press Execute and let the program do it’s job. (You ought to see a progress bar if you did this correctly.)
Wait for the complete script execution box to pop up and press OK.
Press exit to terminate the BFU program.
Run a full system scan with your antivirus program, when it is finished check for and fix any problems found with SpyBot

Reboot into normal windows and post the contents of Ewido text report that you saved and a new HiJackThis log.

I have a SLIGHT problem.....
:spider:
BFU keeps crashing before it reaches the end. It gets about 3/4 of the way there, and then it just stops, and I wait for AGES and it doesn't movr, and task manager tells me that it's not responding...then I get frustrated and end the process.
Is this a common thing, or is it just my pc?

Odd,

Post the ewido and hiajckthis logs if the pc is in normal mode now.

OK, Here's the Hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 20:05:24, on 07/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\ICROSO~1.NET\TI2EVX~1.EXE
C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\Program Files\Xfire\Xfire.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe

O2 - BHO: (no name) - {4AB6A2A1-08BF-42B8-91F5-CC2FAFDB5C1C} - C:\WINDOWS\System32\lexlmpmd.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {96B93635-AD8E-D87B-F83D-FFEA18B07597} - C:\WINDOWS\System32\xebnm.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Jzznka] C:\PROGRA~1\ICROSO~1.NET\TI2EVX~1.EXE
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: RaConfig2500.lnk = C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.6.0.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: chkntfs.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

And I'm afraid the Ewido log makes the test entry 126 084 when I only have space for 20 000 characters....


It says "no action taken" on alot of them.
Why on earth is it saying "no action taken" ??? I set it to delete them, and on ewido it said "done" after all of them.....

that's "text" entry, not "test" entry...

Copy the contents of the quote box below into a new notepad document (not wordpad).
Click file> save as...> call it get.bat > file types *all files*> and save it to desktop.



@echo off
attrib -h -s "C:\PROGRA~1\ICROSO~1.NET\*.*"
attrib -h -s "C:\WINDOWS\System32\CROSOF~1\*.*"
attrib -h -s "C:\WINDOWS\system32\chkntfs.dll"
md %systemdrive%\!submits
md %systemdrive%\!submits\SUB
move /y "C:\PROGRA~1\ICROSO~1.NET" %systemdrive%\!submits\
move /y "C:\WINDOWS\System32\CROSOF~1" %systemdrive%\!submits\SUB\
move /y "C:\WINDOWS\system32\chkntfs.dll" %systemdrive%\!submits\


Run get.bat
Zip up and Send this entire folder to me please c:\!submits
Send to lonnyATsubratam.org
Replace AT with @ and include a link back to this thread.




In windows control panel doubleclick the sunjava(java) icon
and use the delete files button.
Update suns java manualy
Sun Java V1.5.0_07 is Available:
http://forums.spybot.info/showpost.php?p=12880&postcount=2
Afterwards it's important to uninstall the old version's.



Scan with Hijackthis and fix these items
O2 - BHO: (no name) - {4AB6A2A1-08BF-42B8-91F5-CC2FAFDB5C1C} - C:\WINDOWS\System32\lexlmpmd.dll (file missing)
O2 - BHO: (no name) - {96B93635-AD8E-D87B-F83D-FFEA18B07597} - C:\WINDOWS\System32\xebnm.dll (file missing)
O4 - HKCU\..\Run: [Jzznka] C:\PROGRA~1\ICROSO~1.NET\TI2EVX~1.EXE
O20 - AppInit_DLLs: chkntfs.dll
=====================
dont worry about the hijackthis error

Restart your pc and post another log

Ewido:
"It says "no action taken" on alot of them."
I assume you will need to run it again after re-reading the instructions :)

JRE 5.0 UPDATE 7 is 153 MB????
Dear god this will take a while.....

Get the third one on the list


Java Runtime Environment (JRE) 5.0 Update 7
The J2SE Runtime Environment (JRE) allows end-users to run Java applications.

http://java.sun.com/javase/downloads/index.jsp

OH NO!
When I tried to fix the hijackthis things, this message:


An unexpected error has occurred at procedure: modBackup_MakeBackup(sItem=O20 - AppInit_DLLs: chkntfs.dll)
Error #5 - Invalid procedure call or argument

Please email me at merijn@spywareinfo.com, reporting the following:
* What you were trying to fix when the error occurred, if applicable
* How you can reproduce the error
* A complete HijackThis scan log, if possible

Windows version: Windows NT 5.01.2600
MSIE version: 6.0.2900.2180
HijackThis version: 1.99.1

This message has been copied to your clipboard.
Click OK to continue the rest of the scan.

popped up.


=O


Help?

dont worry about the hijackthis error


Post another Hiajckthis log after using the pc for about a full day please.

Anyway, here's the Hijackthis log file (I think It deleted them anyway) :

Logfile of HijackThis v1.99.1
Scan saved at 09:03:09, on 07/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\Program Files\Xfire\Xfire.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: RaConfig2500.lnk = C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.6.0.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Looks great :)

Any problems to report ?

Think Prevention: Put in place a good hosts file
http://www.mvps.org/winhelp2002/hosts.htm
How To Download and Extract the HOSTS file:
http://www.mvps.org/winhelp2002/hosts2.htm
Repeat that proccess about once or twice a month

To help avoid reinfection see "So how did I get infected in the first place?"
http://forums.spybot.info/showthread.php?t=279

That's Great! thanks!

Although, I don't know if this is related in anyway, but my computer is alot slower than it used to be, and it still is rather slow. I only formated it like 2 weeks ago! It might be because I downloaded the windows Vista XP theme, but I'm not sure....

Any ideas?

And, Unfortunately, Command Service is still turning up on the Spybot S&D scan.
=[
and I try to remove them...and it says

1 problem was fixed, 2 could not be fixed etc etc.

I thought it would have been fixed!!!!



:spider:

For the slowness, perhaps post in a general troubleshooting section of a forum, I doubt it is malware related.


For command service, its just a harmless leftover but we can fix that.
Please download and unzip Ren-cmdservice to your desktop.
http://downloads.subratam.org/Lon/ren-cmdservice.zip
Open the ren-cmdservice folder by doubleclicking it and then doubleclick the
ren-cmdservice.bat file to run the program.
A text will open when it is finished, Post it please.
Then restart the PC run SpyBot check for and fix any problems found.
When next you check for problems it wont or shouldnt be there.

Ok, here's the ren-cmdservice text file:

Running from C:\Documents and Settings\David\Desktop\ren-cmdservice
No Image Path Listed in Registry

-----------------
Deleting cmdservice key
cmdservice key deleted
..
-----------------
Commandline utilities (SWReg and SWSC)
Written by Bobbi Flekman © 2005
-----------------
Finised, Post this text then
Please Restart your PC
ren-cmdservice.bat edited 6-25-2006
-----------------

OK, I think Cmdservice is finally gone.......

BUT (Yes, there's a but)

Do you know of any malware called Ipwins? Because it's just randomly turned up.....
And also, I have found two installer files in the startup folder called "tskmngr" and "msconfig" I suspect these to be malware, and they are called this to discourage people from deleting them. I have removed them, and this incredible slowness is hugely increasing...I found that when I tried to reboot my PC, all of my drivers had decided to delete themselves, and I had all of these windows hardware configuration windows popping up at startup, prompting me to "Install hardware"
I don't know if this is at all malware related, but I don't know what to do with my hugely messed up PC. Do you think I should format my drive (again)?

Format and a clean install is your choice
If your going to continue using filesharring program's you will need to get used to formating etc etc, big hassle.

haha yes, I have found out lol!
I do try to scan everything before I run it, but all this crap still gets through.
oh well, lol, I think I should just stop downloading things that aren't necessarily legal...ie, photoshop :laugh:
Or I'll just stop downloading things. lol

Anyway, thanks for your help.

"I do try to scan everything before I run it, but all this crap still gets through."

Yep, you could scan it with four five differant program's and still they would get threw, they seam to always have the newest exploits/trojans/spyware, its even packaged inside programs and could be set not to surface for a month, so you would never know were it came from.

Keep that new clean install safe.

ARGH!

Command Service is back!!!

only like 3 days after I got rid of the DAMN THING!!!!


I keep scanning my pc with spybot S & D, and just now, bloody "Command service" has turned up again.

I haven't run any downloaded or suspicious programs since the removal...

ARGH!!!!

Isn't there a permanent solution that BLOCKS command service from installing itself????

Best advice i can give at this point:
Format and a clean install then stay a mile away from p2p programs and crack/serial/keygen sites.

Good Advice!!!


I'll keep that in mind....

Im Glad we could help
Im going to close the topic now, this keeps others with similar problems from posting there logs/question here, they should start a new topic.