
Thread: Help with command service, etc.

  1. #1
    Junior Member
    Join Date
    Apr 2006
    Posts
    24

    Default Help with command service, etc.

    The main thing that I have recurring, that I think spawns the other bagillions of spyware applications on my computer, is command service. I have tried S&D and it can't remove it, among other things. Let this logfile speak for itself. Please help!

    Logfile of HijackThis v1.99.0
    Scan saved at 3:44:22 PM, on 4/27/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\U3B1bmt5\command.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINDOWS\pzbmtkw.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\TrojanHunter 4.2\THGuard.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\System32\ZoneLabs\vsmon.exe
    C:\Program Files\FCAdvice\FCAdvice.exe
    C:\WINDOWS\win3207828754303.exe
    C:\WINDOWS\System32\63656067636165.exe
    C:\Program Files\EQAdvice\EQAdvice.exe
    C:\WINDOWS\win3208287543038.exe
    C:\WINDOWS\errorhandler.exe
    C:\WINDOWS\pzbmtkwA.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Messenger\MSMSGS.EXE
    c:\windows\system32\prdsregs.exe
    c:\windows\mousepad13.exe
    C:\Program Files\Common Files\Windows\services32.exe
    C:\WINDOWS\MBOLS~1\regedit.exe
    C:\Program Files\Common Files\?icrosoft\n?tepad.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\PROGRA~1\ipwins\ipwins.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R3 - URLSearchHook: (no name) - _{D3B14CB5-5C9C-9120-2730-2EC0B95E5367} - (no file)
    F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\flide.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,qhphpht.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [96e28ec8c897] C:\WINDOWS\System32\atiiiexx.exe
    O4 - HKLM\..\Run: [59205c6c39d6] C:\WINDOWS\System32\advapi32.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
    O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\System32\nwinsqag.exe
    O4 - HKLM\..\Run: [System service79] C:\WINDOWS\\\etb\\pokapoka79.exe
    O4 - HKLM\..\Run: [keyboard] c:\windows\keyboard13.exe
    O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
    O4 - HKLM\..\Run: [mousepad] c:\windows\mousepad13.exe
    O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\ds4dsp.exe reg_run
    O4 - HKLM\..\Run: [win3207828754303] C:\WINDOWS\win3207828754303.exe
    O4 - HKLM\..\Run: [BFC1BCC3BFBDC1C3] 63656067636165.exe
    O4 - HKLM\..\Run: [ms04303828754] C:\WINDOWS\ms04303828754.exe
    O4 - HKLM\..\Run: [newname] c:\windows\newname13.exe
    O4 - HKLM\..\Run: [win3208287543038] C:\WINDOWS\win3208287543038.exe
    O4 - HKLM\..\Run: [w001bf34.dll] RUNDLL32.EXE w001bf34.dll,I2 00051fff0001bf34
    O4 - HKLM\..\Run: [errorhandler] C:\WINDOWS\errorhandler.exe
    O4 - HKLM\..\Run: [{E0-01-1E-EE-ZN}] c:\windows\system32\prdsregs.exe GID003
    O4 - HKLM\..\Run: [pzbmtkwA] C:\WINDOWS\pzbmtkwA.exe
    O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
    O4 - HKCU\..\Run: [Steam] C:\Valve\Steam\Steam.exe -silent
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-67-525-0000166.exe
    O4 - HKCU\..\Run: [EQBranch] "C:\Program Files\EQBranch\EQBranch.exe"
    O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-67-525-0000166.exe
    O4 - HKCU\..\Run: [Taeo] "C:\WINDOWS\MBOLS~1\regedit.exe" -vt yazr
    O4 - HKCU\..\Run: [EQAdvice] "C:\Program Files\EQAdvice\EQAdvice.exe"
    O4 - HKCU\..\Run: [Vin] C:\Program Files\Common Files\?icrosoft\n?tepad.exe
    O4 - Startup: Weather.lnk = C:\Program Files\Weather\Weather.exe
    O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\nwinsqag.exe
    O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
    O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll
    O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
    O18 - Filter: text/html - {994D478A-45D0-4DB4-AE77-288B1E346E99} - C:\Program Files\FCAdvice\FCAdvice.dll
    O20 - AppInit_DLLs: ihblajhl.dll,Runner.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Command Service - Unknown - C:\WINDOWS\U3B1bmt5\command.exe
    O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

  2. #2
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Default

    Welcome rectangle
    Open a command prompt (Start > Run, type cmd, press Enter) and type
    sc delete "cmdservice"
    Press Enter, then type exit and press Enter to exit the command prompt.


    Replace your hijackthis with the current version and post another log please
    First Make a new folder, example C:\AntiSpyWare
    and download/Save HijackThis, to that new folder.
    This is necessary to ensure you have backups should anything go wrong
    http://www.merijn.org/files/HijackThis.exe

    Also:
    Copy the contents of the quote box below into a new notepad document (not wordpad).
    Click file> save as...> call it check.bat > file types *all files*> and save it to desktop.
    chcp 1252
    dir /B /AD %windir% >log.txt
    echo...>>log.txt
    dir /B /AD "C:\Program Files\Common Files" >>log.txt
    Run check.bat and attach the log.txt

  3. #3
    Junior Member
    Join Date
    Apr 2006
    Posts
    24

    Default

    I just tried running those things through "Run" from the Start menu, but the scan still shows cmdservice on my computer. I think maybe it's because I have XP and it has a problem with DOS, so it seems to close the DOS window as soon as it opens.

  4. #4
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Default

    It's normal for that Start > Run command to disappear.
    Continue with the other instructions please.

  5. #5
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961

    Default

    This topic is closed due to lack of a response to helper.
    If you need it re-opened please send me a pm and provide a link to the thread.
    Last edited by tashi; 2006-05-08 at 05:13. Reason: Re-opened upon request
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
