Thread: Command Service

  1. #21
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Hi

    Looks like there's no info we need, unfortunately (nothing in "Search result list")

    Please download the Registry Search tool by clicking on the "hard drive" icon halfway down this page:
    http://www.billsway.com/vbspage/
    Save it to the desktop and run it. If you get an alert from your antivirus about scripting, choose to allow the script to run. Search for cmdService and click OK. Post the logfile from the tool here for me.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  2. #22
    Member
    Join Date
    May 2006
    Posts
    87

    Sorry to sound dumb again, but I can't see a hard drive icon on that page.

    Can you clarify?

    Thanks

  3. #23
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Hi

    It looks like this ->
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  4. #24
    Member
    Join Date
    May 2006
    Posts
    87

    Sorry! Very slow on the uptake today!

    REGEDIT4
    ; RegSrch.vbs © Bill James

    ; Registry search results for string "cmdService" 20/05/2007 22:17:18

    ; NOTE: This file will be deleted when you close WordPad.
    ; You must manually save this file to a new location if you want to refer to it again later.
    ; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE\0000]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE\0000]
    "Service"="cmdService"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService\Enum]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService\Enum]
    "0"="Root\\LEGACY_CMDSERVICE\\0000"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000]
    "Service"="cmdService"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000]
    "Service"="cmdService"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService\Enum]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService\Enum]
    "0"="Root\\LEGACY_CMDSERVICE\\0000"

    [HKEY_USERS\S-1-5-21-1606980848-1547161642-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
    "a"="C:\\Documents and Settings\\PHIL\\Desktop\\delcmdservice.zip"

    [HKEY_USERS\S-1-5-21-1606980848-1547161642-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\zip]
    "a"="C:\\Documents and Settings\\PHIL\\Desktop\\delcmdservice.zip"

    [HKEY_USERS\S-1-5-21-1606980848-1547161642-1801674531-1003\Software\WinRAR\ArcHistory]
    "1"="C:\\Documents and Settings\\PHIL\\Desktop\\delcmdservice.zip"

    "2"="C:\\Documents and Settings\\PHIL\\Local Settings\\Temporary Internet Files\\Content.IE5\\WLIRO5U3\\delcmdservice[1].zip"

    "3"="C:\\Documents and Settings\\PHIL\\Local Settings\\Temporary Internet Files\\Content.IE5\\VEKNZ1C1\\delcmdservice[1].zip"

  5. #25
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Hi

    • Download RegASSASSIN by malwarebytes.org from here
    • Unzip/extract it to a folder on your desktop
    • Double-click on RegASSASSIN.exe to start RegASSASSIN
    • Copy and paste the below into the white box


      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE]
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService]
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE]
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService]
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE]
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService]

    • Click Delete
    • Answer Yes to any prompts


    Do another search for "cmdService" with registry search tool and post back results.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  6. #26
    Member
    Join Date
    May 2006
    Posts
    87

    When running RegASSASSIN I got 'Error: Hive return NULL' for every single one.

    REGEDIT4
    ; RegSrch.vbs © Bill James

    ; Registry search results for string "cmdservice" 21/05/2007 20:37:33

    ; NOTE: This file will be deleted when you close WordPad.
    ; You must manually save this file to a new location if you want to refer to it again later.
    ; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE\0000]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE\0000]
    "Service"="cmdService"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService\Enum]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService\Enum]
    "0"="Root\\LEGACY_CMDSERVICE\\0000"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000]
    "Service"="cmdService"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000]
    "Service"="cmdService"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService\Enum]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService\Enum]
    "0"="Root\\LEGACY_CMDSERVICE\\0000"

    [HKEY_USERS\S-1-5-21-1606980848-1547161642-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
    "a"="C:\\Documents and Settings\\PHIL\\Desktop\\delcmdservice.zip"

    [HKEY_USERS\S-1-5-21-1606980848-1547161642-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\zip]
    "a"="C:\\Documents and Settings\\PHIL\\Desktop\\delcmdservice.zip"

    [HKEY_USERS\S-1-5-21-1606980848-1547161642-1801674531-1003\Software\WinRAR\ArcHistory]
    "2"="C:\\Documents and Settings\\PHIL\\Desktop\\delcmdservice.zip"

    "3"="C:\\Documents and Settings\\PHIL\\Local Settings\\Temporary Internet Files\\Content.IE5\\WLIRO5U3\\delcmdservice[1].zip"

  7. #27
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Hi

    Ok, then try again without these in each line -> [ ]
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  8. #28
    Member
    Join Date
    May 2006
    Posts
    87

    1, 2, 3, 5 & 6 on the list 'Could not be removed'. 4 was successfully deleted.

    REGEDIT4
    ; RegSrch.vbs © Bill James

    ; Registry search results for string "cmdService" 22/05/2007 10:40:18

    ; NOTE: This file will be deleted when you close WordPad.
    ; You must manually save this file to a new location if you want to refer to it again later.
    ; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE\0000]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE\0000]
    "Service"="cmdService"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService\Enum]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService\Enum]
    "0"="Root\\LEGACY_CMDSERVICE\\0000"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000]
    "Service"="cmdService"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000]
    "Service"="cmdService"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService\Enum]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService\Enum]
    "0"="Root\\LEGACY_CMDSERVICE\\0000"

    [HKEY_USERS\S-1-5-21-1606980848-1547161642-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
    "a"="C:\\Documents and Settings\\PHIL\\Desktop\\delcmdservice.zip"

    [HKEY_USERS\S-1-5-21-1606980848-1547161642-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\zip]
    "a"="C:\\Documents and Settings\\PHIL\\Desktop\\delcmdservice.zip"

    [HKEY_USERS\S-1-5-21-1606980848-1547161642-1801674531-1003\Software\WinRAR\ArcHistory]
    "2"="C:\\Documents and Settings\\PHIL\\Desktop\\delcmdservice.zip"

    "3"="C:\\Documents and Settings\\PHIL\\Local Settings\\Temporary Internet Files\\Content.IE5\\WLIRO5U3\\delcmdservice[1].zip"

  9. #29
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Hi

    Then we use another tool:

    • Go here and download subinacl.msi
    • Double click on subinacl.msi to start the installation of Subinacl
    • Click Next>
    • Select I accept and click Next>
    • Click browse
    • From the drop down menu select C:\
    • Double click on WINDOWS and then system32
    • Click OK
    • Click Install now
    • Click Finish


    Copy text below to Notepad and save it as delcmd.bat (save it as all files, *.*)

    @echo off
    REM For each leftover key: take ownership, grant the current user Full control, then delete it.
    FOR %%R IN (
    "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE"
    "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService"
    "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE"
    "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE"
    "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService"
    ) Do (
    REM /subkeyreg applies the owner and ACL change to the key and all of its subkeys
    subinacl.exe /subkeyreg %%R /setowner=%username% /grant=%username%=F
    REM /f deletes the key without prompting
    reg delete %%R /f
    )

    It should look like this ->

    Double-click delcmd.bat; black DOS windows will flash, that's normal.

    (In case you are unsure how to create a bat file, take a look here with screenshots.)

    Do another search for cmdService with reg search tool and post back results.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006
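
The re-check these posts keep asking for (search again, then compare the log with the delete list) can be done mechanically. This is an added example, not part of the thread or of RegSrch.vbs: a Python sketch that parses a REGEDIT4-style search log and reports which keys from the delete list are still present. The function names and the sample log (including its placeholder SID) are constructed for illustration.

```python
import re

# Matches a "[HKEY_...]" key header line as written in the search log.
KEY_RE = re.compile(r"^\s*\[(HKEY_[^\]]+)\]\s*$")

def norm(key):
    """Registry paths are case-insensitive; drop brackets and trailing backslash."""
    return key.strip().strip("[]").rstrip("\\").upper()

def parse_keys(log_text):
    """Return the set of normalized key paths listed in the log."""
    return {norm(m.group(1)) for line in log_text.splitlines()
            if (m := KEY_RE.match(line))}

def check_removal(targets, log_text):
    """Split targets into (still_present, removed).

    A target is present if the log lists it or any subkey below it:
    a surviving Enum subkey means the parent key survived too.
    """
    found = parse_keys(log_text)
    present, removed = [], []
    for t in targets:
        n = norm(t)
        hit = any(k == n or k.startswith(n + "\\") for k in found)
        (present if hit else removed).append(t)
    return present, removed

# The six keys from the delete list in the thread (brackets are tolerated).
BASE = "HKEY_LOCAL_MACHINE\\SYSTEM\\"
TARGETS = ["[" + BASE + cs + sub + "]"
           for cs in ("ControlSet001", "ControlSet002", "CurrentControlSet")
           for sub in (r"\Enum\Root\LEGACY_CMDSERVICE", r"\Services\cmdService")]

# Constructed sample log: ControlSet002\Services\cmdService no longer appears.
SAMPLE_LOG = r"""REGEDIT4
; Registry search results for string "cmdService"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE\0000]
"Service"="cmdService"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService\Enum]
"0"="Root\\LEGACY_CMDSERVICE\\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService]
[HKEY_USERS\S-1-5-21-CONSTRUCTED\Software\WinRAR\ArcHistory]
"""

if __name__ == "__main__":
    present, removed = check_removal(TARGETS, SAMPLE_LOG)
    for k in present:
        print("STILL PRESENT:", k)
    for k in removed:
        print("removed:      ", k)
```

Hits outside the delete list, such as the MRU and WinRAR history entries that only mention delcmdservice.zip, are ignored by the comparison.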

  10. #30
    Member
    Join Date
    May 2006
    Posts
    87

    Think I did that all OK.

    REGEDIT4
    ; RegSrch.vbs © Bill James

    ; Registry search results for string "cmdService" 22/05/2007 13:31:58

    ; NOTE: This file will be deleted when you close WordPad.
    ; You must manually save this file to a new location if you want to refer to it again later.
    ; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE\0000]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE\0000]
    "Service"="cmdService"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService\Enum]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService\Enum]
    "0"="Root\\LEGACY_CMDSERVICE\\0000"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000]
    "Service"="cmdService"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000]
    "Service"="cmdService"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService\Enum]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService\Enum]
    "0"="Root\\LEGACY_CMDSERVICE\\0000"

    [HKEY_USERS\S-1-5-21-1606980848-1547161642-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
    "a"="C:\\Documents and Settings\\PHIL\\Desktop\\delcmdservice.zip"

    [HKEY_USERS\S-1-5-21-1606980848-1547161642-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\zip]
    "a"="C:\\Documents and Settings\\PHIL\\Desktop\\delcmdservice.zip"

    [HKEY_USERS\S-1-5-21-1606980848-1547161642-1801674531-1003\Software\WinRAR\ArcHistory]
    "2"="C:\\Documents and Settings\\PHIL\\Desktop\\delcmdservice.zip"

    "3"="C:\\Documents and Settings\\PHIL\\Local Settings\\Temporary Internet Files\\Content.IE5\\WLIRO5U3\\delcmdservice[1].zip"
