PDA

View Full Version : Can't get rid of Command Service



u890243
2006-07-27, 14:22
Please help...I am unable to get rid of Command Service and six other objects after running several Spybot in safe mode. Following is my HJT log file.

Logfile of HijackThis v1.99.1
Scan saved at 11:08:54 PM, on 7/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

O4 - HKLM\..\Run: [Hhl7RfpJ] "C:\WINDOWS\System32\ssn6tuu.exe"
O4 - HKLM\..\Run: [Windows Jump Drive] MDRUUWXMJEH.EXE
O4 - HKLM\..\Run: [Google Keyhole System] GOOGLEKEYHOLE.EXE
O4 - HKLM\..\Run: [Spy Watcher] "C:\Program Files\Free Spyware
Scanner\SpyWatcher.exe" -S
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\ServicePackFiles\i386\yafconfig.exe
/auto
O4 - HKLM\..\Run: [NwCplMonitor] C:\WINDOWS\system32\redistributor.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [qfoo] C:\PROGRA~1\COMMON~1\qfoo\qfoom.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
O4 - HKCU\..\RunOnce: [SpySweeperUninstallSurvey]
http://products.webroot.com/disp0201.php?pc=64021&rc=1&ps=T&oc=33&mjv=5&mnv=0&bld=1286&cd=&dcc=&drc=&mo=&sid=1879062508&lang=en&loc=USA&opi=2&omj=5&omn=1&rsc=
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program
Files\WinZip\WZQKPICK.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program
Files\AIM\aim.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
http://207.188.7.150/315bf8520d286b52dc22/netzip/RdxIE601.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient
Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {D97287B6-4018-4060-948D-54D2122FC5C3} -
http://www.fastfind.org/ss/client/52983/vsigns/0003C00/setup.exe
O20 - Winlogon Notify: IPConfTSP - C:\WINDOWS\system32\dnl0013me.dll (file
missing)
O20 - Winlogon Notify: logons - C:\WINDOWS\system32\redist.dll
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network
Associates, Inc. - C:\Program Files\Network Associates\Common
Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates,
Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network
Associates, Inc. - C:\Program Files\Network
Associates\VirusScan\VsTskMgr.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. -
C:\WINDOWS\system32\pctspk.exe
O23 - Service: Windows IMAP Shell - Unknown owner - C:\WINDOWS\imaped.exe
O23 - Service: WUSB54GPSVC - Unknown owner - C:\Program Files\Wireless-G
Portable USB Adapter\WLService.exe" "WUSB54GP.exe (file missing)

pskelley
2006-07-31, 22:18
Hello and welcome to the forum. If you are not receiving help elsewhere and still need help, please do this.

1) In notepad under Format, uncheck "Word Wrap", produce all HJT logs like this, single spaced.

2) I need all logs in Normal mode with everything enabled in MSConfig.

3) Post a complete HJT log, do not remove anything from , I need to see it all.

Post a new HJT log according to those instructions, if you no longer need help, I would appreciate a post to let us know so we can close the topic.

Thanks

tashi
2006-08-05, 19:38
This topic is closed due to lack of a response to helper.

If you need it re-opened please send me a pm and provide a link to the thread.

Applies only to the original topic starter.