help me remove cmdservice plz!!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Xhui, Dec 29, 2005.

  1. Xhui

    Xhui Private E-2

    I keep getting this cmdservice from Spybot-S&D. I try to delete them in safe mode and normal mode but no luck... Spybot keeps saying it can't delete them and will search next time on startup, but even on startup it can't delete them.

    They are in
    HKEYlocalmachine/system/controlset001 and 003/cmdservice
    same/same/currentcontrolset/cmdservice

    Please help me remove it!!!
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Did you complete the READ ME as requested in the thread we were previously working in?

    Attach the log from Spybot with a HJT log.
     
  3. Xhui

    Xhui Private E-2

    What do you mean by log from Spybot with a HJT log? Just the HJT log, you mean?
     
  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Sorry about the confusion. Attach the log from Spybot so I can see exactly what it's finding, along with a HJT log.

    I need both logs.
     
  5. Xhui

    Xhui Private E-2

    I did do those steps from your last post about the auto reboot but didn't do the Online Virus And Trojan Scanning; since they don't fix anything, I didn't bother...
    Anyway, here is the HJT log.

    Inline logs attached!
     


    Last edited by a moderator: Dec 29, 2005
  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download Pocket KillBox
    (Don't run it yet)


    Please look in Add or Remove Programs for the following and Uninstall them if found:

    Ewido

    Now scan with HijackThis and Check the Boxes for the following:

    Make sure All Browser Windows are Closed when you Click FIX.

    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
    O2 - BHO: (no name) - {6A373B7E-496E-424f-A9BE-486A5E9AB018} - (no file)

    O3 - Toolbar: (no name) - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - (no file)

    O16 - DPF: {00001016-A15C-11D4-97A4-0050BF0FBE67} -
    O16 - DPF: {2A7EFEAA-8059-4C69-8FE2-4BA999C3B102} (TrickCtrl Class) -
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -
    O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) -

    O18 - Filter: text/html - (no CLSID) - (no file)

    O20 - Winlogon Notify: msupdate - C:\WINDOWS\SYSTEM32\msupdate32.dll

    Again, make sure All Browser Windows are Closed when you Click FIX.

    Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled

    NEXT:
    Run CCleaner to clean up cookies and temp files.

    Run full scans with Ad-Aware SE & Spybot S&D and have both programs fix what they find.
    Note: Remember to get all updates before doing the scans.

    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.


    NEXT:
    Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fix.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fix.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.
    Locate PocketKillbox
    (Proceed with this step even if they do not show in blue)

    Now, Copy and Paste C:\WINDOWS\SYSTEM32\msupdate32.dll into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click YES and allow your PC to reboot.

    ** Note: For any of the .dll files, check the Unregister .dll Before Deleting box as well. If this option is not enabled, don't worry about it.
    • If you get an error message about Pending Operations, just reboot your computer manually.
    After you complete the above, scan with HJT and attach the fresh log. Also check to see if Spybot still detects the service.
     
  7. Xhui

    Xhui Private E-2

    I did those steps but no luck... the service is still there...
    Here are the HJT logs.

    Inline log attached!
     


    Last edited by a moderator: Dec 29, 2005
  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Click Start > Run > type services.msc and Click OK

    Locate cmdService and RightClick on it to bring up the Service Properties Window.
    First: Stop the service by clicking the Stop Button.
    Next: Disable it by changing the Startup Type to Disabled and click Apply

    Next, open up HJT, but instead of scanning, click on the 'None of the above, just start the program' button at the bottom of the choices. At the lower right, click on the 'Config' button, and then the 'Misc tools' button ... select 'Delete an NT Service' ... copy/paste the following into the box that opens, and press 'OK':

    cmdService

    You may be told to reboot at this point. Do not reboot just exit HijackThis as we will be restarting it with different options in a moment.

    After you complete the above, run the below once more.

    Download L2MeFix Tool and save it where you will be able to find it.

    Please print out these instructions now or save locally so that you can operate with All Browser Windows CLOSED.

    Exit Browsers now before continuing

    Please move the L2MeFix Tool to your Desktop and DoubleClick l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix Folder on your Desktop. DoubleClick l2mfix.bat and Type 1 and ENTER to select Option #1 for Run Find Log. Allow it as much time as it needs to run until NotePad opens with a log. Save this log. You will need to post this log back here later when you come back.
    Next DoubleClick l2mfix.bat and type 2 and ENTER to select option #2 for Run Fix. Then, press any key to Reboot your machine.

    Your computer will go crazy for a bit, but just let it run. It should eventually spit out a log in Notepad. Please also attach this log to your next message.

    Now open your browser and come back here and post the above two logs as attachments to your message. Also indicate your current status.


    NOTE: Please do not run any other options or files in the l2mfix Folder!
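
A read-only way to confirm the result of the service removal steps in post 8, added here as an example and not part of the original thread or any tool it mentions. It assumes the key name is `cmdService` as given in the thread, and that service keys sit under `Services` in each control set; `Get-ServiceKeyRemnant` is a hypothetical helper name.

```powershell
# Added example: list every control set that still holds a key for the service.
# Read-only: nothing is stopped, changed or deleted.
$ServiceName = 'cmdService'   # name taken from the thread

function Get-ServiceKeyRemnant {
    param([Parameter(Mandatory)][string]$Name)

    # CurrentControlSet is a link to one of the numbered sets; the others are
    # backups (for example Last Known Good) that a scanner may still flag.
    $numbered = Get-ChildItem -Path 'HKLM:\SYSTEM' |
        Where-Object { $_.PSChildName -match '^ControlSet\d{3}$' } |
        ForEach-Object { $_.PSChildName }
    $sets = @('CurrentControlSet') + @($numbered)

    foreach ($set in $sets) {
        $path = "HKLM:\SYSTEM\$set\Services\$Name"
        if (Test-Path -LiteralPath $path) {
            $props = Get-ItemProperty -LiteralPath $path
            [pscustomobject]@{
                ControlSet = $set
                Start      = $props.Start      # 2 = Automatic, 3 = Manual, 4 = Disabled
                ImagePath  = $props.ImagePath  # binary the service would launch
            }
        }
    }
}

$found = @(Get-ServiceKeyRemnant -Name $ServiceName)
if ($found.Count -eq 0) {
    "No '$ServiceName' key found under any control set."
} else {
    $found | Format-Table -AutoSize
}

# Shows which numbered set is live (Current) and which is the fallback (LastKnownGood).
Get-ItemProperty -Path 'HKLM:\SYSTEM\Select' |
    Select-Object Current, Default, Failed, LastKnownGood
```

A key that remains only in a non-current numbered set is a backup copy rather than a running service; the `Select` values show which set that is.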
     
  9. Xhui

    Xhui Private E-2

    Well, I fixed the problem before your last post... guess what I used? It's Webroot Spy Sweeper!! Damn, it's great, it even found some spyware/adware that Spybot S&D, ADwareSE, MSantispyware, ewido and panda06 can't find! Thanks for helping! Try Spy Sweeper... it did help me a great deal :) (of course you too)
     
  10. Xhui

    Xhui Private E-2

    One problem though... now the computer startup is much slower than it used to be... is there a way to fix it?
     
  11. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    If you used SS to remove items, you have the older version. They have changed it and now you can no longer fix anything until it's purchased. This is why we no longer use it in the forum.

    Attach a fresh HJT log.
     
  12. Xhui

    Xhui Private E-2

    Really? But I used Spybot S&D and it can't find the service anymore...
    Here is the HJT log.

    Inline log attached!
     


    Last edited by a moderator: Dec 30, 2005
  13. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Erm...this could be how you used SS to fix your problems! LOL!!!

    Your log looks clean, are you having any further problems?
     
  14. Xhui

    Xhui Private E-2

    Hmm, I don't think I have any more spyware problems for now :p
    But I'm not sure if I should/can talk about this in here... it's about slow startup... but I think it's the extra programs I have to open during startup, right? If not, please tell me.
    Another thing is I saw some links in the HJT log and I think I already uninstalled those programs a long time ago... links like O16 - DPF: {7DC7515B-9075-4650-9916-FCCA790C3E4F} (YTAX Class) -http://file.yogurting.co.kr/OB/YTLauncher.cab and a few others... so I think there are lots of old programs that I uninstalled that still have lots of junk left over in the registry... there must be ways or a program that can help me wipe them out, right? Please tell me if you know any :D
     
  15. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    The O16 entries in HJT are only ActiveX Controls, if you like you can check each one and fix them. If needed you will just be prompted again to reinstall, nothing to it.

    If you want a registry cleaning, download Reg Supreme Pro, install and run the program. This will clean your registry and should make you run a little faster. Be sure you name your backup file if you use it.

    You should see this article on How to Protect yourself from malware!

    Surf Safely!:)
     
