i took a look at it and found this Spysheriff Malware.
since im the only one who knows anything about computer-know-how...i have been flagged to fix this.
Were running windows 2000..... i know..i know....out of date as [bleep]...but im not incharge of buying new software....
I've run (all in safe mode in no particular order)
Ad-Aware
Clean Up
Autoruns
CWShredder
Xoft Spy
Ewido
a crappy mcaffee virus scan
registry mechanic
and Spybot search and destroy.
After running them in safe mode,
finally with Xoft i was able to uninstall Spysheriff to the point where it didnt return when i rebooted in normal mode.
But still, the wallpaper is locked on the " SYSTEM STOPPED-yadda yadda yadda" block of text
Also i cant open task manager at all.
and the main program that runs all of our appointment scheduling wont boot up properly.
So ive run hijackthis and holy bajeeezus ....the list looks...odd at best.
i dont want to delete anything with out an expert opinion.
so if you guys could please help me out in your infiniate wisdom id appriciate it!
Logfile of HijackThis v1.99.1
Scan saved at 1:55:51 PM, on 6/21/2005
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\unzipped\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://business.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
about:blank
O1 - Hosts: 172.20.1.1 m2328
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {D9662E87-7B13-853C-5B3C-0E5A582423E6} - blank (file
missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} -
c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
-atboottime
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe"
/checktask
O4 - HKLM\..\Run: [VirusScan Online]
"c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe
/v=3 /cleanup
O4 - HKLM\..\RunOnce: [mcagntps.dll] rundll32.exe advpack.dll,RegisterOCX
c:\PROGRA~1\mcafee.com\agent\mcagntps.dll
O4 - HKLM\..\RunOnce: [mcupdmgr.exe]
c:\PROGRA~1\mcafee.com\agent\mcupdmgr.exe -regserver
O4 - HKLM\..\RunOnce: [vsoupd.dll] rundll32.exe advpack.dll,RegisterOCX
c:\PROGRA~1\mcafee.com\vso\vsoupd.dll
O4 - HKLM\..\RunOnce: [mcvsescn.exe]
c:\PROGRA~1\mcafee.com\vso\mcvsescn.exe -regserver
O4 - HKCU\..\Run: [Brct] C:\Program Files\atce\trdb.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital
Line Detect\DLG.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common
Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 67.19.178.84
O15 - Trusted IP range: 67.19.178.84 (HKLM)
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) -
http://www.ysbweb.co...ysb_regular.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} -
http://iclass.misysh...entraDownloader.
cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) -
http://ax.phobos.app.../ITDetector.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{97A100FB-E629-40C8-B281-5CB22C1A013D}:
NameServer = 172.20.1.200
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program
Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation -
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) -
VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program
Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program
Files\ewido\security suite\ewidoguard.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program
Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner -
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) -
McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) -
McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: svchost.exe (moto) - Unknown owner - C:\WINNT\svchost.exe
(file missing)
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation -
C:\WINNT\System32\NMSSvc.exe
__________________________________________
thanks again!
O and i attached a copy of the log as well....