I hate how this has to be my first post, but here goes.

(ofcourse after reading all the necessary stickies)

(btw i've read all the other "command service" help threads, and i have to say, the help is amazing, im just afraid to mirror what advice you've given them.. so i hope you don't mind this..)


Logfile of HijackThis v1.99.1
Scan saved at 1:07:46 AM, on 25/08/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\rundll32.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv50.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\ApVxdWin.exe
c:\program files\panda software\panda antivirus 2007\WebProxy.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\2\BRQIKMON.EXE
C:\Hijackthis\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: |?-μ?÷(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll (file missing)
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /waitprograms
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: Download All by FlashGet - D:\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download using FlashGet - D:\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java ￥D±±￥x - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O16 - DPF: {00000000-0709-0000-0000-000330050660} - http://207.234.185.217/aboxinst_int21.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://9dragons.acclaim.com/acclaim.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: IPConfMSP - C:\WINNT\system32\oyslb400.dll
O20 - Winlogon Notify: SharedDLLs - C:\WINNT\system32\jt2o07f3e.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINNT\system32\CTsvcCDA.EXE (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv50.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe

(PROBLEM! i can't seem to use the only panda antivirius.. so i downloaded the trial version of it, and im not sure how to get a log out of it?)

Welcome to the forum, you said:
(ofcourse after reading all the necessary stickies) You must have missed this one: http://forums.spybot.info/showthread.php?t=288

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Click that, save the log somewhere, and copy/paste into your own new topic

Please copy and paste all logs as instructed. Let's chat a moment. You said this:

(btw i've read all the other "command service" help threads, and i have to say, the help is amazing, im just afraid to mirror what advice you've given them.. so i hope you don't mind this..)If you are talking about the registry items Spybot locates (command.exe) they are leftovers from a poor removal by another program (perhaps Ad-aware) and are not a problem. If they are still there when we finish, we will address them.

Now here are the issues I do see:
O20 - Winlogon Notify: IPConfMSP - C:\WINNT\system32\oyslb400.dll
This does not identify and it is probably a trojan, use one or more of these free online scans to find out what it is and post the information for me to view.
http://virusscan.jotti.org/
http://www.kaspersky.com/scanforvirus
http://www.virustotal.com/flash/index_en.html
You are checking this file: C:\WINNT\system32\oyslb400.dll


You also have this item:
O20 - Winlogon Notify: SharedDLLs - C:\WINNT\system32\jt2o07f3e.dll (file missing)
Winlogon Notify Uninstall, URL, WebCheck, WindowsUpdate, SharedDLLs,
MCD, FS Templates X random named dll in the System32 folder Variant of Adware.Look2Me
Is some nasty adware called Look2me and it may or may not be active. We need to find that out and will start by doing that.

1) Turn of TeaTimer until we are done, it will block changes we must make.
http://russelltexas.com/malware/teatimer.htm

Thanks to Atribune and any others who helped with this fix.

2) Please download Look2Me-Destroyer.exe (http://www.atribune.org/ccount/click.php?id=7) to your desktop.
Close all windows before continuing.
Double-click Look2Me-Destroyer.exe to run it.
Put a check next to Run this program as a task.
You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
Once it's done scanning, click the Remove L2M button.
You will receive a Done Scanning message, click OK.
When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
Your computer will then shutdown.
Turn your computer back on.
Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.
If Look2Me-Destroyer does not reopen automatically, reboot and try again.

If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX

More info:

If for some reason Look2Me-Destroyer doesn't reopen check that task scheduler is running.
If it isnt you can use sc.exe to start it

start>run sc start schedule press enter.

Make sure the computer is restarted and post the two logs bolded above, the information about oyslb400.dll and any comments you think will help.

Thanks

:scratch:
This topic is closed due to lack of a response to helper, if you need it re-opened please send me a private message (pm) and provide a link to the thread.

Applies only to the original topic starter.