can someone help a n00b?
- Thread starter negation
- Start date
Run the program and in the address bar paste:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000
Then click the Go button and the program will look up that key and select it.
Now, in the right hand pane, rightclick the line that starts with "Service"
and choose Delete.
You will probably get a prompt saying Access Denied
If so Rightclick the key in the lefthand-pane and choose Properties.
On the properties screen you will see a button labelled Take Ownership.
Press that button and after the Success message go back to the righthand screen and try to delete the "Service" line again.
Let me know what happens.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000
Then click the Go button and the program will look up that key and select it.
Now, in the right hand pane, rightclick the line that starts with "Service"
and choose Delete.
You will probably get a prompt saying Access Denied
If so Rightclick the key in the lefthand-pane and choose Properties.
On the properties screen you will see a button labelled Take Ownership.
Press that button and after the Success message go back to the righthand screen and try to delete the "Service" line again.
Let me know what happens.
Did you update before you scanned?
You can also repeat the procedure with RegLite for:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE\0000
and
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CMDSERVICE\0000
Let me know.
You can also repeat the procedure with RegLite for:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE\0000
and
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CMDSERVICE\0000
Let me know.
BWAHAHAHAHA!!!!1 IT WORKED 
WE WIN only thing is now my desktop is still scrambled. so my computer is officially virus/malware free...how might i go about fixing the damage it did? isnt that what i'm dealing with at this point then?
whenever i check the properties of my desktop it says it's an html file with this source file://C:\WINDOWS\Web\desktop.html, which, upon checking in my c drive is not there. the desktop blinks white and grey and it doesnt always respond to clicking on icons...do you think you might be able to help with that?
thanks so much for your help, you're king :crowned:
uhm...i'm just trying to look into this desktop thing and noticed that there's an option when you right click on the desktop to "view source" which brings up a txt file with some info...thought this might help you help me on what's taken over my desktop
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!----
***** This file is automatically generated by Microsoft Windows *****
--------><HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=windows-1252"></HEAD>
<BODY
style="BORDER-RIGHT: medium none; BORDER-TOP: medium none; BORDER-LEFT: medium none; BORDER-BOTTOM: medium none"
bottomMargin=0 bgColor=#004e98 leftMargin=0 background="" topMargin=0
rightMargin=0><IFRAME id=0
style="BACKGROUND: none transparent scroll repeat 0% 0%; LEFT: 0px; WIDTH: 1024px; POSITION: absolute; TOP: 1px; HEIGHT: 767px"
name=DeskMovrW marginWidth=0 marginHeight=0
src="file:///C:/WINDOWS/Web/desktop.html" frameBorder=0 scrolling=no
subscribed_url="C:\WINDOWS\Web\desktop.html" resizeable="粶ᶅ"> </IFRAME>
<OBJECT id=ActiveDesktopMover
style="LEFT: 0px; VISIBILITY: hidden; WIDTH: 0px; POSITION: absolute; TOP: 0px; HEIGHT: 0px; container: positioned; zIndex: 5"
classid=clsid:72267F6A-A6F9-11D0-BC94-00C04FB67863></OBJECT>
<OBJECT id=ActiveDesktopMoverW
style="Z-INDEX: -1; LEFT: -3px; VISIBILITY: hidden; WIDTH: 1030px; POSITION: absolute; TOP: -19px; HEIGHT: 790px; container: positioned"
classid=clsid:72267F6A-A6F9-11D0-BC94-00C04FB67863></OBJECT>
</BODY></HTML>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!----
***** This file is automatically generated by Microsoft Windows *****
--------><HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=windows-1252"></HEAD>
<BODY
style="BORDER-RIGHT: medium none; BORDER-TOP: medium none; BORDER-LEFT: medium none; BORDER-BOTTOM: medium none"
bottomMargin=0 bgColor=#004e98 leftMargin=0 background="" topMargin=0
rightMargin=0><IFRAME id=0
style="BACKGROUND: none transparent scroll repeat 0% 0%; LEFT: 0px; WIDTH: 1024px; POSITION: absolute; TOP: 1px; HEIGHT: 767px"
name=DeskMovrW marginWidth=0 marginHeight=0
src="file:///C:/WINDOWS/Web/desktop.html" frameBorder=0 scrolling=no
subscribed_url="C:\WINDOWS\Web\desktop.html" resizeable="粶ᶅ"> </IFRAME>
<OBJECT id=ActiveDesktopMover
style="LEFT: 0px; VISIBILITY: hidden; WIDTH: 0px; POSITION: absolute; TOP: 0px; HEIGHT: 0px; container: positioned; zIndex: 5"
classid=clsid:72267F6A-A6F9-11D0-BC94-00C04FB67863></OBJECT>
<OBJECT id=ActiveDesktopMoverW
style="Z-INDEX: -1; LEFT: -3px; VISIBILITY: hidden; WIDTH: 1030px; POSITION: absolute; TOP: -19px; HEIGHT: 790px; container: positioned"
classid=clsid:72267F6A-A6F9-11D0-BC94-00C04FB67863></OBJECT>
</BODY></HTML>
Errrm. I feel like I only stood by and watched how you did it yourself. 
Glad we could help and please read: http://forums.spybot.info/showthread.php?t=279
Glad we could help and please read: http://forums.spybot.info/showthread.php?t=279
