-
Hi
Looks like there's no info we need, unfortunately (nothing in "Search result list")
Please download the Registry Search tool by clicking on the "hard drive" icon halfway down this page:
http://www.billsway.com/vbspage/
Save it to the desktop and run it. If you get an alert from your antivirus about scripting, choose to allow the script to run. Search for cmdService and click OK. Post the logfile from the tool here for me.
-
Sorry to sound dumb again, but I can't see a hard drive icon on that page.
Can you clarify?
Thanks
-
-
Sorry! Very slow on the uptake today! :oops:
REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "cmdService" 20/05/2007 22:17:18
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE\0000]
"Service"="cmdService"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService\Enum]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService\Enum]
"0"="Root\\LEGACY_CMDSERVICE\\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000]
"Service"="cmdService"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000]
"Service"="cmdService"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService\Enum]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService\Enum]
"0"="Root\\LEGACY_CMDSERVICE\\0000"
[HKEY_USERS\S-1-5-21-1606980848-1547161642-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"a"="C:\\Documents and Settings\\PHIL\\Desktop\\delcmdservice.zip"
[HKEY_USERS\S-1-5-21-1606980848-1547161642-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\zip]
"a"="C:\\Documents and Settings\\PHIL\\Desktop\\delcmdservice.zip"
[HKEY_USERS\S-1-5-21-1606980848-1547161642-1801674531-1003\Software\WinRAR\ArcHistory]
"1"="C:\\Documents and Settings\\PHIL\\Desktop\\delcmdservice.zip"
"2"="C:\\Documents and Settings\\PHIL\\Local Settings\\Temporary Internet Files\\Content.IE5\\WLIRO5U3\\delcmdservice[1].zip"
"3"="C:\\Documents and Settings\\PHIL\\Local Settings\\Temporary Internet Files\\Content.IE5\\VEKNZ1C1\\delcmdservice[1].zip"
-
Hi
- Download RegASSASSIN by malwarebytes.org from here
- Unzip/extract it to a folder on your desktop
- Double-click on RegASSASSIN.exe to start RegASSASSIN
- Copy and paste the below into the white box
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService]
- Click Delete
- Answer Yes to any prompts
Do another search for "cmdService" with registry search tool and post back results.
-
When running RegASSASSIN I got 'Error: Hive return NULL' for every single one.
REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "cmdservice" 21/05/2007 20:37:33
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE\0000]
"Service"="cmdService"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService\Enum]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService\Enum]
"0"="Root\\LEGACY_CMDSERVICE\\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000]
"Service"="cmdService"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000]
"Service"="cmdService"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService\Enum]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService\Enum]
"0"="Root\\LEGACY_CMDSERVICE\\0000"
[HKEY_USERS\S-1-5-21-1606980848-1547161642-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"a"="C:\\Documents and Settings\\PHIL\\Desktop\\delcmdservice.zip"
[HKEY_USERS\S-1-5-21-1606980848-1547161642-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\zip]
"a"="C:\\Documents and Settings\\PHIL\\Desktop\\delcmdservice.zip"
[HKEY_USERS\S-1-5-21-1606980848-1547161642-1801674531-1003\Software\WinRAR\ArcHistory]
"2"="C:\\Documents and Settings\\PHIL\\Desktop\\delcmdservice.zip"
"3"="C:\\Documents and Settings\\PHIL\\Local Settings\\Temporary Internet Files\\Content.IE5\\WLIRO5U3\\delcmdservice[1].zip"
-
Hi
Ok, then try again without these in each line -> [ ]
-
1, 2, 3, 5 & 6 on the list 'Could not be removed'. 4 was successfully deleted.
REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "cmdService" 22/05/2007 10:40:18
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE\0000]
"Service"="cmdService"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService\Enum]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService\Enum]
"0"="Root\\LEGACY_CMDSERVICE\\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000]
"Service"="cmdService"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000]
"Service"="cmdService"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService\Enum]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService\Enum]
"0"="Root\\LEGACY_CMDSERVICE\\0000"
[HKEY_USERS\S-1-5-21-1606980848-1547161642-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"a"="C:\\Documents and Settings\\PHIL\\Desktop\\delcmdservice.zip"
[HKEY_USERS\S-1-5-21-1606980848-1547161642-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\zip]
"a"="C:\\Documents and Settings\\PHIL\\Desktop\\delcmdservice.zip"
[HKEY_USERS\S-1-5-21-1606980848-1547161642-1801674531-1003\Software\WinRAR\ArcHistory]
"2"="C:\\Documents and Settings\\PHIL\\Desktop\\delcmdservice.zip"
"3"="C:\\Documents and Settings\\PHIL\\Local Settings\\Temporary Internet Files\\Content.IE5\\WLIRO5U3\\delcmdservice[1].zip"
-
Hi
Then we use another tool:
- Go here and download subinacl.msi
- Double click on subinacl.msi to start the installation of Subinacl
- Click Next>
- Select I accept and click Next>
- Click browse
- From the drop down menu select C:\
- Double click on WINDOWS and then system32
- Click OK
- Click Install now
- Click Finish
Copy text below to Notepad and save it as delcmd.bat (save it as all files, *.*)
@echo off
FOR %%R IN (
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE"
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE"
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService"
) Do (
subinacl.exe /subkeyreg %%R /setowner=%username% /grant=%username%=F
reg delete %%R /f
)
It should look like this -> http://users.telenet.be/bluepatchy/m...images/bat.JPG
Double-click delcmd.bat; black DOS windows will flash, that's normal.
(In case you are unsure how to create a bat file, take a look here with screenshots.)
Do another search for cmdService with reg search tool and post back results.
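Each round in this thread ends with a fresh RegSrch log that has to be compared against the removal list by eye. The following added example (not part of the thread, and not code from any of the tools mentioned) parses that REGEDIT4-style output and reports which targeted keys are still present; the function names are illustrative, and the sample logs are abridged from the ControlSet002 lines of the 21/05 and 22/05 10:40 logs above.

```python
import re

KEY_RE = re.compile(r'^\[(.+)\]$')        # [HKEY_...\path]
VAL_RE = re.compile(r'^"(.*?)"="(.*)"$')  # "name"="data"

# Abridged from the thread's logs: ControlSet002 lines only.
LOG_21_MAY = r'''REGEDIT4
; Registry search results for string "cmdservice" 21/05/2007 20:37:33
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000]
"Service"="cmdService"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService]
'''
LOG_22_MAY = r'''REGEDIT4
; Registry search results for string "cmdService" 22/05/2007 10:40:18
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000]
"Service"="cmdService"
'''
# The two ControlSet002 entries from the removal list posted in the thread.
TARGETS = [
    r'HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE',
    r'HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService',
]

def parse_regsrch(text):
    """Return {key_path: [(value_name, data), ...]} from a REGEDIT4-style log.
    RegSrch repeats a key header before its values, so repeats are merged."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, [])
            continue
        m = VAL_RE.match(line)  # comment and REGEDIT4 lines match neither regex
        if m and current is not None:
            # .reg syntax doubles backslashes inside data; undo that
            keys[current].append((m.group(1), m.group(2).replace('\\\\', '\\')))
    return keys

def still_present(targets, log_keys):
    """Targets found in the log, as the key itself or through one of its subkeys."""
    seen = [k.lower() for k in log_keys]
    return [t for t in targets
            if any(k == t.lower() or k.startswith(t.lower() + '\\') for k in seen)]
```

Calling `still_present(TARGETS, parse_regsrch(log))` on each new log gives the keys that still need attention; registry paths are compared case-insensitively, as Windows does.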
-
Think I did that all OK.
REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "cmdService" 22/05/2007 13:31:58
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE\0000]
"Service"="cmdService"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService\Enum]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService\Enum]
"0"="Root\\LEGACY_CMDSERVICE\\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000]
"Service"="cmdService"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000]
"Service"="cmdService"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService\Enum]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService\Enum]
"0"="Root\\LEGACY_CMDSERVICE\\0000"
[HKEY_USERS\S-1-5-21-1606980848-1547161642-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"a"="C:\\Documents and Settings\\PHIL\\Desktop\\delcmdservice.zip"
[HKEY_USERS\S-1-5-21-1606980848-1547161642-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\zip]
"a"="C:\\Documents and Settings\\PHIL\\Desktop\\delcmdservice.zip"
[HKEY_USERS\S-1-5-21-1606980848-1547161642-1801674531-1003\Software\WinRAR\ArcHistory]
"2"="C:\\Documents and Settings\\PHIL\\Desktop\\delcmdservice.zip"
"3"="C:\\Documents and Settings\\PHIL\\Local Settings\\Temporary Internet Files\\Content.IE5\\WLIRO5U3\\delcmdservice[1].zip"