Command Service Infection! Help!!! HJT Attached

Status
Not open for further replies.
Just after some help; my PC has been infected with Command Service which Spybot S&D will not remove. Bizarrely, Spybot removed something called Look2me, which Ewido keeps finding, no matter how many times it deletes it!?
Ad Aware is finding nothing at all now. Tried scanning in safe mode etc but 3 Command Service files keep returning. I'm at my wits' end now, spent 8 hours last night trying to sort this. Hijack This txt attached, no idea what to fix!
 
Hello and welcome to Techspot.

Go HERE and follow the instructions in the order they are given.

Post a fresh HJT log, only after doing the above.

Regards Howard :wave: :wave:
 
Command Service Still There

Tried all the above; it's still there. Attached a new HJT Log (ran in safe mode) but really not confident with what to fix; can you please help?
 
Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore (XP/ME only). See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there):

cikuyghj.exe
lsass.exe /i
nat2.exe

Close task manager.

Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to (if there):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: (no name) - {C013A1D3-0A18-4E84-B198-D40E4A918476} - \

O4 - HKLM\..\Run: [System Process] C:\WINDOWS\lsass.exe /i

O4 - HKLM\..\Run: [rTsRFHHMc] C:\WINDOWS\cikuyghj.exe

O16 - DPF: {FAFF0003-0A01-121A-A1C9-08032B23E0CC} - http://uk.global-acces.com/7adpower/nat2.exe

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files (if there):

C:\WINDOWS\lsass.exe /i
C:\WINDOWS\cikuyghj.exe
nat2.exe

Reboot into normal mode and turn system restore back on.

Regards Howard :)
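
An added example, not part of the original thread or of HijackThis itself: a small Python triage script that parses the O4 and O16 lines quoted in the reply above and flags two things for review, a Run entry that uses a core Windows process name outside System32, and a Downloaded Program Files entry that points at an .exe over plain HTTP (a heuristic). The function names, the `SYSTEM32_ONLY` list and the finding labels are assumptions made for this illustration.

```python
import ntpath
import re

# Processes whose genuine image lives in %SystemRoot%\System32 (editor's list, not from the thread).
SYSTEM32_ONLY = {"lsass.exe", "csrss.exe", "winlogon.exe", "services.exe", "smss.exe", "svchost.exe"}

O4_RE = re.compile(r"^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O16_RE = re.compile(r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<url>\S+)$")

# HijackThis lines as quoted in the reply above.
SAMPLE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [System Process] C:\WINDOWS\lsass.exe /i
O4 - HKLM\..\Run: [rTsRFHHMc] C:\WINDOWS\cikuyghj.exe
O16 - DPF: {FAFF0003-0A01-121A-A1C9-08032B23E0CC} - http://uk.global-acces.com/7adpower/nat2.exe
"""

def image_path(cmd):
    """Return the executable path from a Run command line, dropping arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(?i)(.+?\.exe)\b", cmd)
    return m.group(1) if m else cmd.split(" ", 1)[0]

def review(lines):
    """Return (finding, entry name or CLSID, path or URL) tuples for lines worth a closer look."""
    findings = []
    for line in lines:
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            path = image_path(m["cmd"])
            folder, exe = ntpath.split(path.lower())
            # A core process name started from anywhere but System32 is a masquerade signal.
            if exe in SYSTEM32_ONLY and not folder.endswith("\\system32"):
                findings.append(("system-name-outside-system32", m["name"], path))
            continue
        m = O16_RE.match(line)
        if m and m["url"].lower().startswith("http://") and m["url"].lower().endswith(".exe"):
            findings.append(("dpf-exe-over-http", m["clsid"], m["url"]))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE.splitlines()):
        print(finding)
```

The randomly named `cikuyghj.exe` entry is not caught by either rule, so a name-based check like this narrows the log but does not replace reading every O4 line.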
 
Still No Joy With Command Service

Tried the above then ran Spybot on reboot and it still can't delete 2 Registry Keys:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdservice
and;
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\cmdservice
Any suggestions? Do I need to re-format and re-install Windows? Or is command service a minimal threat? Thanks for your help and time, it's really appreciated.
 
Here's the Log...

Did as you suggested; Look2me destroyer wouldn't run in safe mode, it started off OK then when it said it would re-appear it never came back! Anyway ran it in Normal mode then scanned with HJT in Safe Mode, here's the results...
 
Thanks

After doing some research on the Spybot forums; it appears that Command Service can show up in Spybot scans as a "false positive", so am I right in assuming my system is now OK?
Anyway ta for your help, you've been a star!
 