Here is Main.txt: (and please find the extra.txt attached.)
I was able to run dss in normal mode before the program was killed, by changing the process to realtime after login. Shortly after the main.txt appeared, it was shut down.
Deckard's System Scanner v20070905.67
Run by lcladmin on 2007-10-09 23:51:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as lcladmin.exe) --------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:51:51 PM, on 10/9/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\Brmfrmps.exe
C:\WINNT\System32\cisvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINNT\system32\regsvc.exe
E:\Program Files\Search Engine Commando\ScheduleService.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Documents and Settings\lcladmin\Desktop\dss.exe
C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe
C:\WINNT\system32\InetCntrl\InetCntrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
E:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\DOCUME~1\lcladmin\Desktop\lcladmin.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - E:\Program Files\SpyCatcher 2006\SCActiveBlock.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Bsecure Popup Blocker - {E0019445-4C1F-414D-A70E-AD80F231C584} - C:\WINNT\system32\InetCntrl\PopupKil\BsafeBHO.dll
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Bsecure Popup Blocker - {E0019445-4C1F-414D-A70E-AD80F231C584} - C:\WINNT\system32\InetCntrl\PopupKil\BsafeBHO.dll
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [gcasServ] "E:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe
O4 - HKLM\..\Run: [InetCntrl] C:\WINNT\system32\InetCntrl\InetCntrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - .DEFAULT User Startup: discfix.lnk = C:\DELL\discfix.cmd (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1135192468824
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/14...2/cpbrkpie.cab
O20 - AppInit_DLLs: interceptor.dll
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINNT\system32\Brmfrmps.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINNT\system32\MSTask.exe (file missing)
O23 - Service: Search Engine Commando Schedule Service (SECScheduleService) - Tates Creek Software, LLC - E:\Program Files\Search Engine Commando\ScheduleService.exe
--
End of file - 6283 bytes
-- Files created between 2007-09-09 and 2007-10-09 -----------------------------
2007-10-09 23:51:10 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_f4.dat
2007-10-09 23:49:16 376564 ---h----- C:\WINNT\ShellIconCache
2007-10-09 23

51 0 d-------- C:\Documents and Settings\lcladmin\Application Data\Talkback
2007-10-09 23:05:38 0 d-------- C:\Documents and Settings\lcladmin\Application Data\Google
2007-10-09 23:05:15 0 d-------- C:\Documents and Settings\lcladmin\Application Data\Mozilla
2007-10-09 23:00:37 0 d-------- C:\Documents and Settings\lcladmin\Application Data\Identities
2007-10-09 23:00:32 0 d--h----- C:\Documents and Settings\lcladmin\Templates
2007-10-09 23:00:32 0 d-------- C:\Documents and Settings\lcladmin\Start Menu
2007-10-09 23:00:32 0 d--h----- C:\Documents and Settings\lcladmin\SendTo
2007-10-09 23:00:32 0 dr-h----- C:\Documents and Settings\lcladmin\Recent
2007-10-09 23:00:32 0 d--h----- C:\Documents and Settings\lcladmin\PrintHood
2007-10-09 23:00:32 327680 --ah----- C:\Documents and Settings\lcladmin\NTUSER.DAT
2007-10-09 23:00:32 0 d--h----- C:\Documents and Settings\lcladmin\NetHood
2007-10-09 23:00:32 0 d-------- C:\Documents and Settings\lcladmin\My Documents
2007-10-09 23:00:32 0 d--h----- C:\Documents and Settings\lcladmin\Local Settings
2007-10-09 23:00:32 0 dr------- C:\Documents and Settings\lcladmin\Favorites
2007-10-09 23:00:32 0 d-------- C:\Documents and Settings\lcladmin\Desktop
2007-10-09 23:00:32 0 d---s---- C:\Documents and Settings\lcladmin\Cookies
2007-10-09 23:00:32 0 d--h----- C:\Documents and Settings\lcladmin\Application Data
2007-10-09 21:04:18 0 d-------- C:\Documents and Settings\Riley\Application Data\Google
2007-10-09 21:03:36 0 d-------- C:\Documents and Settings\Riley\Application Data\Talkback
2007-10-09 21:03:07 0 d-------- C:\Documents and Settings\Riley\Application Data\Mozilla
2007-10-09 21:02:03 0 d-------- C:\Documents and Settings\Riley\Application Data\Identities
2007-10-09 21:01:56 0 d--h----- C:\Documents and Settings\Riley\Templates
2007-10-09 21:01:56 0 d-------- C:\Documents and Settings\Riley\Start Menu
2007-10-09 21:01:56 0 d--h----- C:\Documents and Settings\Riley\SendTo
2007-10-09 21:01:56 0 dr-h----- C:\Documents and Settings\Riley\Recent
2007-10-09 21:01:56 0 d--h----- C:\Documents and Settings\Riley\PrintHood
2007-10-09 21:01:56 225280 --ah----- C:\Documents and Settings\Riley\NTUSER.DAT
2007-10-09 21:01:56 0 d--h----- C:\Documents and Settings\Riley\NetHood
2007-10-09 21:01:56 0 d-------- C:\Documents and Settings\Riley\My Documents
2007-10-09 21:01:56 0 d--h----- C:\Documents and Settings\Riley\Local Settings
2007-10-09 21:01:56 0 dr------- C:\Documents and Settings\Riley\Favorites
2007-10-09 21:01:56 0 d-------- C:\Documents and Settings\Riley\Desktop
2007-10-09 21:01:56 0 d---s---- C:\Documents and Settings\Riley\Cookies
2007-10-09 21:01:56 0 d--h----- C:\Documents and Settings\Riley\Application Data
2007-10-09 21:01:56 0 d---s---- C:\Documents and Settings\Riley\Application Data\Microsoft
2007-10-09 20:33:22 0 d-------- C:\Documents and Settings\All Users.WINNT\Application Data\TEMP
2007-09-22 13:45:06 1364 --a------ C:\Documents and Settings\All Users.WINNT\Application Data\QTSBandwidthCache
-- Find3M Report ---------------------------------------------------------------
2007-10-09 23:00:39 0 d-------- C:\Program Files\Common Files
2007-08-17 00:00:50 0 d-------- C:\Program Files\RegCleaner
2007-08-13 17:16:43 0 d-------- C:\Program Files\Orwell
2007-08-09 20:34:48 0 d-------- C:\Program Files\SEO Elite
2007-08-07 20:01:00 664 -----n--- C:\WINNT\system32\d3d9caps.dat
2007-08-04 15:19:30 93248 -----n--- C:\WINNT\Orwell Uninstaller.exe
2007-08-03 21:44:44 16384 --------t C:\WINNT\system32\Perflib_Perfdata_344.dat
2007-07-18 22:29:02 31 -----n--- C:\WINNT\J
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [12/17/03 06:40a]
"Synchronization Manager"="mobsync.exe" [06/19/03 02:05p C:\WINNT\system32\mobsync.exe]
"gcasServ"="E:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [11/15/05 12:12p]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe" [05/25/04 10:16a]
"InetCntrl"="C:\WINNT\system32\InetCntrl\InetCntrl.exe" [01/29/07 11:10a]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [09/01/06 04:57p]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop
C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [12/14/2004 4:44:06 AM]
Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [4/28/2005 9:27:46 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=interceptor.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"
-- End of Deckard's System Scanner: finished at 2007-10-09 23:52:41 ------------