10-10-2007, 06:42 PM   #6
drwatson
Registered User
 
Join Date: Oct 2007
Posts: 7
OS: Windows 2000


Re: All Apps close immediately, help please.

Got that done finally, unfortunately the pc is still acting up though.

Please find the report.txt attached.

Thanks

Chris

SDFix: Version 1.107

Run by lcladmin on Wed 10/10/2007 at 6:27p

Microsoft Windows 2000 [Version 5.00.2195]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found




Removing Temp Files...

ADS Check:

C:\WINNT
No streams found.

C:\WINNT\system32
No streams found.

C:\WINNT\system32\svchost.exe
No streams found.

C:\WINNT\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------




Remaining Files:
---------------


Files with Hidden Attributes:

Tue 27 Sep 2005 4 ...H. --- "C:\WINNT\uccspecb.sys"
Wed 14 Dec 2005 23,552 ...H. --- "C:\RECYCLER\S-1-5-21-1220945662-854245398-1957994488-1002\Dc11.tmp"
Wed 14 Dec 2005 19,968 ...H. --- "C:\RECYCLER\S-1-5-21-1220945662-854245398-1957994488-1002\Dc12.tmp"
Wed 14 Dec 2005 24,576 ...H. --- "C:\RECYCLER\S-1-5-21-1220945662-854245398-1957994488-1002\Dc13.tmp"
Wed 14 Dec 2005 19,968 ...H. --- "C:\RECYCLER\S-1-5-21-1220945662-854245398-1957994488-1002\Dc15.tmp"
Wed 14 Dec 2005 23,552 ...H. --- "C:\RECYCLER\S-1-5-21-1220945662-854245398-1957994488-1002\Dc16.tmp"
Wed 14 Dec 2005 23,552 ...H. --- "C:\RECYCLER\S-1-5-21-1220945662-854245398-1957994488-1002\Dc17.tmp"
Mon 25 Sep 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users.WINNT\DRM\DRMv1.bak"
Tue 29 Aug 2000 557,056 ...H. --- "C:\Program Files\Dell\Backup\DellBckp.exe"

Finished!



Deckard's System Scanner v20070905.67
Run by lcladmin on 2007-10-10 19:44:13
Computer is in Safe Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as lcladmin.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:44:21 PM, on 10/10/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Safe mode

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\Documents and Settings\lcladmin\Desktop\dss.exe
C:\DOCUME~1\lcladmin\Desktop\lcladmin.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - E:\Program Files\SpyCatcher 2006\SCActiveBlock.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Bsecure Popup Blocker - {E0019445-4C1F-414D-A70E-AD80F231C584} - C:\WINNT\system32\InetCntrl\PopupKil\BsafeBHO.dll
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Bsecure Popup Blocker - {E0019445-4C1F-414D-A70E-AD80F231C584} - C:\WINNT\system32\InetCntrl\PopupKil\BsafeBHO.dll
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [gcasServ] "E:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe
O4 - HKLM\..\Run: [InetCntrl] C:\WINNT\system32\InetCntrl\InetCntrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - .DEFAULT User Startup: discfix.lnk = C:\DELL\discfix.cmd (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1135192468824
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/14...2/cpbrkpie.cab
O20 - AppInit_DLLs: interceptor.dll
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINNT\system32\Brmfrmps.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINNT\system32\MSTask.exe (file missing)
O23 - Service: Search Engine Commando Schedule Service (SECScheduleService) - Tates Creek Software, LLC - E:\Program Files\Search Engine Commando\ScheduleService.exe

--
End of file - 5574 bytes

-- Files created between 2007-09-10 and 2007-10-10 -----------------------------

2007-10-10 18:25:53 0 d-------- C:\WINNT\ERUNT
2007-10-10 18:21:58 463636 ---h----- C:\WINNT\ShellIconCache
2007-10-09 2351 0 d-------- C:\Documents and Settings\lcladmin\Application Data\Talkback
2007-10-09 23:05:38 0 d-------- C:\Documents and Settings\lcladmin\Application Data\Google
2007-10-09 23:05:15 0 d-------- C:\Documents and Settings\lcladmin\Application Data\Mozilla
2007-10-09 23:00:37 0 d-------- C:\Documents and Settings\lcladmin\Application Data\Identities
2007-10-09 23:00:32 0 d--h----- C:\Documents and Settings\lcladmin\Templates
2007-10-09 23:00:32 0 d-------- C:\Documents and Settings\lcladmin\Start Menu
2007-10-09 23:00:32 0 d--h----- C:\Documents and Settings\lcladmin\SendTo
2007-10-09 23:00:32 0 dr-h----- C:\Documents and Settings\lcladmin\Recent
2007-10-09 23:00:32 0 d--h----- C:\Documents and Settings\lcladmin\PrintHood
2007-10-09 23:00:32 339968 --ah----- C:\Documents and Settings\lcladmin\NTUSER.DAT
2007-10-09 23:00:32 0 d--h----- C:\Documents and Settings\lcladmin\NetHood
2007-10-09 23:00:32 0 d-------- C:\Documents and Settings\lcladmin\My Documents
2007-10-09 23:00:32 0 d--h----- C:\Documents and Settings\lcladmin\Local Settings
2007-10-09 23:00:32 0 dr------- C:\Documents and Settings\lcladmin\Favorites
2007-10-09 23:00:32 0 d-------- C:\Documents and Settings\lcladmin\Desktop
2007-10-09 23:00:32 0 d---s---- C:\Documents and Settings\lcladmin\Cookies
2007-10-09 23:00:32 0 d--h----- C:\Documents and Settings\lcladmin\Application Data
2007-10-09 21:04:18 0 d-------- C:\Documents and Settings\Riley\Application Data\Google
2007-10-09 21:03:36 0 d-------- C:\Documents and Settings\Riley\Application Data\Talkback
2007-10-09 21:03:07 0 d-------- C:\Documents and Settings\Riley\Application Data\Mozilla
2007-10-09 21:02:03 0 d-------- C:\Documents and Settings\Riley\Application Data\Identities
2007-10-09 21:01:56 0 d--h----- C:\Documents and Settings\Riley\Templates
2007-10-09 21:01:56 0 d-------- C:\Documents and Settings\Riley\Start Menu
2007-10-09 21:01:56 0 d--h----- C:\Documents and Settings\Riley\SendTo
2007-10-09 21:01:56 0 dr-h----- C:\Documents and Settings\Riley\Recent
2007-10-09 21:01:56 0 d--h----- C:\Documents and Settings\Riley\PrintHood
2007-10-09 21:01:56 225280 --ah----- C:\Documents and Settings\Riley\NTUSER.DAT
2007-10-09 21:01:56 0 d--h----- C:\Documents and Settings\Riley\NetHood
2007-10-09 21:01:56 0 d-------- C:\Documents and Settings\Riley\My Documents
2007-10-09 21:01:56 0 d--h----- C:\Documents and Settings\Riley\Local Settings
2007-10-09 21:01:56 0 dr------- C:\Documents and Settings\Riley\Favorites
2007-10-09 21:01:56 0 d-------- C:\Documents and Settings\Riley\Desktop
2007-10-09 21:01:56 0 d---s---- C:\Documents and Settings\Riley\Cookies
2007-10-09 21:01:56 0 d--h----- C:\Documents and Settings\Riley\Application Data
2007-10-09 21:01:56 0 d---s---- C:\Documents and Settings\Riley\Application Data\Microsoft
2007-10-09 20:33:22 0 d-------- C:\Documents and Settings\All Users.WINNT\Application Data\TEMP
2007-09-22 13:45:06 1364 --a------ C:\Documents and Settings\All Users.WINNT\Application Data\QTSBandwidthCache


-- Find3M Report ---------------------------------------------------------------

2007-10-09 23:00:39 0 d-------- C:\Program Files\Common Files
2007-08-17 00:00:50 0 d-------- C:\Program Files\RegCleaner
2007-08-13 17:16:43 0 d-------- C:\Program Files\Orwell
2007-08-07 20:01:00 664 -----n--- C:\WINNT\system32\d3d9caps.dat
2007-08-04 15:19:30 93248 -----n--- C:\WINNT\Orwell Uninstaller.exe
2007-08-03 21:44:44 16384 --------t C:\WINNT\system32\Perflib_Perfdata_344.dat
2007-07-18 22:29:02 31 -----n--- C:\WINNT\J


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [12/17/03 06:40a]
"Synchronization Manager"="mobsync.exe" [06/19/03 02:05p C:\WINNT\system32\mobsync.exe]
"gcasServ"="E:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [11/15/05 12:12p]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe" [05/25/04 10:16a]
"InetCntrl"="C:\WINNT\system32\InetCntrl\InetCntrl.exe" [01/29/07 11:10a]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [09/01/06 04:57p]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [12/14/2004 4:44:06 AM]
Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [4/28/2005 9:27:46 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=interceptor.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"




-- End of Deckard's System Scanner: finished at 2007-10-10 19:44:46 ------------
Attached Files
File Type: txt report.txt (1.6 KB, 1 views)

Last edited by Ried; 10-10-2007 at 09:38 PM.