command services?

Thank you Browntoa, I followed your sticky on malware removal, took 3 days but finally got there and the computer's running much better with no pop up adverts, odd things in my favourites and tool bars etc. However one pop up from PCguard keeps showing every 5 mins that Anti Spyware has failed to delete Command Services and I should go to the spyware centre to learn more. When I do this there's no information. The location is
hkey-local-machine\system\currentcontrolset\enum\root\legacy-net...\000

any suggestions?

Thanks

Comments

  • Macnab
    Macnab Posts: 314 Forumite
    Can't concentrate with this pesky message, hope someone can help before I'm reduced to paying the exorbitant rate to phone PCguard's help centre
  • woo
    woo Posts: 1,226 Forumite
    Have you used HijackThis at all? It would be helpful to post the log so others can see what the issue is.
    Ever stop to think and forget to start again?
  • Macnab
    Macnab Posts: 314 Forumite
    woo wrote:
    Have you used HijackThis at all? It would be helpful to post the log so others can see what the issue is.

    Yes, used HijackThis and no sign of this shows up
  • woo
    woo Posts: 1,226 Forumite
    so nothing like..

    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SGVuayBPZXZlcmluZw\command.exe

    .. in it?
    Ever stop to think and forget to start again?
  • Have you done the Trend HouseCall scan http://housecall.trendmicro.com/ ? That should kill off most things
  • Macnab
    Macnab Posts: 314 Forumite
    woo wrote:
    so nothing like..

    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SGVuayBPZXZlcmluZw\command.exe

    .. in it?

    will double check
  • Macnab
    Macnab Posts: 314 Forumite
    What do you think, Woo? There's a couple of suspect O23's

    Logfile of HijackThis v1.99.1
    Scan saved at 12:36:05, on 25/10/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\blueyonder\PCguard\fws.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\Command Software\dvpapi.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\blueyonder\PCguard advisor\PCguardadvisor.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe
    C:\Program Files\Orange\Synchronisation Companion\Voxsync.exe
    C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearch.exe
    C:\Program Files\blueyonder IST\bin\mpbtn.exe
    C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearchIndexer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\PROGRA~1\Motive\ASSTCO~1\MOTIVE~1.EXE
    C:\Program Files\blueyonder IST\bin\mad.exe
    C:\Program Files\blueyonder\PCguard\RPS.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for HijackThis[1].zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [PCguard] "C:\Program Files\blueyonder\PCguard\Rps.exe"
    O4 - HKLM\..\Run: [PCguardadvisor.exe] "C:\Program Files\blueyonder\PCguard advisor\PCguardadvisor.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Boots Insert Detect] C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe
    O4 - Global Startup: Synchronisation Companion.lnk = ?
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearch.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: PCguard Firewall (RP_FWS) - Radialpoint Inc. - C:\Program Files\blueyonder\PCguard\fws.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
  • Macnab
    Macnab Posts: 314 Forumite
    paul8811 wrote:
    Have you done the Trend HouseCall scan http://housecall.trendmicro.com/ ? That should kill off most things

    Yes, followed all instructions on Browntoa's sticky - twice, including HouseCall
  • woo
    woo Posts: 1,226 Forumite
    It does look pretty clean, only thing I can think of is if PCGuard is trying to delete an old 16-bit application or similar, then SecuROM will stop it.
    SecuROM is a DVD / CD protection that might have been installed by a game..

    Hopefully Browntoa or PCHelpman will be along shortly to cast a 2nd pair of eyes... :)
    Ever stop to think and forget to start again?
  • Macnab
    Macnab Posts: 314 Forumite
    ok will wait till then, thanks for looking
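
An added example (not part of any post in this thread): a small Python parser for HijackThis `O23 - Service` lines like the ones discussed above, which flags entries whose owner is "Unknown owner" or whose binary sits outside the usual directories. The directory list and flag names are assumptions made for illustration; a flag marks an entry for a closer look and is not a verdict on it.

```python
import re
from typing import NamedTuple

# Sample input assembled from lines posted in this thread (the log and woo's example entry).
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SGVuayBPZXZlcmluZw\command.exe
"""

# Assumption: directories where service binaries normally live on Windows XP.
USUAL_DIRS = ("c:\\windows\\system32\\", "c:\\program files\\")


class Service(NamedTuple):
    name: str
    owner: str
    path: str
    flags: tuple


def parse_o23(line):
    """Return a Service for an 'O23 - Service:' line, or None for anything else."""
    m = re.match(r"\s*O23 - Service: (.+)$", line)
    if not m:
        return None
    # Split from the right: display names may contain ' - ' or nested parentheses.
    parts = m.group(1).rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, path = (p.strip() for p in parts)
    flags = []
    if owner.lower() == "unknown owner":
        flags.append("unknown-owner")
    if not path.lower().startswith(USUAL_DIRS):
        flags.append("unusual-directory")
    return Service(name, owner, path, tuple(flags))


def triage(log_text):
    """Parse every O23 entry and return only those carrying at least one flag."""
    services = (parse_o23(line) for line in log_text.splitlines())
    return [s for s in services if s and s.flags]


if __name__ == "__main__":
    for svc in triage(SAMPLE_LOG):
        print(f"{svc.name}: {', '.join(svc.flags)} -> {svc.path}")
```

On the sample, the SecuROM service carries only the unknown-owner flag, while the `command.exe` entry woo asked about carries both.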
This discussion has been closed.