Umonitor problem...



#1
TheShadowElite

Does anyone feel like helping me? I have to fix my mother's computer because I have no idea what she is clicking on and downloading, and she has the Umonitor error.
I have got Find It and Kill Box downloaded and extracted; I just need to know what to delete so I don't have to reinstall XP on this [bleep] of a computer.



Do not remove anything unless you are sure you know what you're doing.

Find.bat is running from: F:\Documents and Settings\Mom\Desktop\FindIt\Find It NT-2K-XP

------- System Files in System32 Directory -------
Volume in drive F has no label.
Volume Serial Number is 6CA9-5954

Directory of F:\WINDOWS\System32

12/20/2004 08:25 PM 222,865 o6rolg9316.dll
12/20/2004 06:02 PM <DIR> dllcache
12/20/2004 04:43 PM 225,315 lv8209loe.dll
12/20/2004 11:49 AM 225,495 m6polg7316.dll
11/28/2004 08:20 PM 226,248 lvl0093me.dll
11/28/2004 08:13 PM 226,248 oibcint.dll
11/28/2004 08:01 PM 225,944 nilanui.dll
11/27/2004 10:47 AM 225,944 tdbyuv.dll
11/27/2004 10:05 AM 224,833 j0l40a3qed.dll
11/27/2004 09:50 AM 224,833 mjasn1.dll
11/24/2004 05:45 PM 223,291 lvn0095me.dll
11/24/2004 02:42 PM 223,496 dgraw.dll
08/02/2004 01:34 PM 32 {6A24BCCF-44F8-4115-AE4B-5FF2D0B994EC}.dat
08/02/2004 12:23 PM <DIR> Microsoft
12 File(s) 2,474,544 bytes
2 Dir(s) 69,441,200,128 bytes free

------- Hidden Files in System32 Directory -------

Volume in drive F has no label.
Volume Serial Number is 6CA9-5954

Directory of F:\WINDOWS\System32

12/20/2004 06:02 PM <DIR> dllcache
08/02/2004 01:34 PM 32 {6A24BCCF-44F8-4115-AE4B-5FF2D0B994EC}.dat
08/02/2004 09:14 AM 488 WindowsLogon.manifest
08/02/2004 09:14 AM 488 logonui.exe.manifest
08/02/2004 09:14 AM 749 sapi.cpl.manifest
08/02/2004 09:14 AM 749 nwc.cpl.manifest
08/02/2004 09:14 AM 749 wuaucpl.cpl.manifest
08/02/2004 09:14 AM 749 cdplayer.exe.manifest
08/02/2004 09:14 AM 749 ncpa.cpl.manifest
8 File(s) 4,753 bytes
1 Dir(s) 69,441,200,128 bytes free

---------- Files Named "Guard" -------------

Volume in drive F has no label.
Volume Serial Number is 6CA9-5954

Directory of F:\WINDOWS\System32

12/21/2004 09:43 AM 225,315 guard.tmp
1 File(s) 225,315 bytes
0 Dir(s) 69,441,196,032 bytes free

--------- Temp Files in System32 Directory --------

Volume in drive F has no label.
Volume Serial Number is 6CA9-5954

Directory of F:\WINDOWS\System32

12/21/2004 09:43 AM 225,315 guard.tmp
1 File(s) 225,315 bytes
0 Dir(s) 69,441,191,936 bytes free

---------------- User Agent ------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{FD3F922C-4D5F-42FB-B1EB-9F2A4B7E14C8}"=""


------------ Keys Under Notify ------------

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\BITS]
"Asynchronous"=dword:00000000
"DllName"="F:\\WINDOWS\\system32\\lv8209loe.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,33,32,2e,64,6c,6c,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,6e,65,74,2e,64,6c,6c,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,63,6c,67,6e,74,66,79,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


------------------ Locate.com Results ------------------

F:\WINDOWS\SYSTEM32\
dgraw.dll Wed Nov 24 2004 2:42:02p ..S.R 223,496 218.26 K
j0l40a~1.dll Sat Nov 27 2004 10:05:24a ..S.R 224,833 219.56 K
lv8209~1.dll Mon Dec 20 2004 4:43:14p ..S.R 225,315 220.03 K
lvl009~1.dll Sun Nov 28 2004 8:20:40p ..S.R 226,248 220.95 K
lvn009~1.dll Wed Nov 24 2004 5:45:48p ..S.R 223,291 218.05 K
m6polg~1.dll Mon Dec 20 2004 11:49:36a ..S.R 225,495 220.21 K
mjasn1.dll Sat Nov 27 2004 9:50:24a ..S.R 224,833 219.56 K
nilanui.dll Sun Nov 28 2004 8:01:08p ..S.R 225,944 220.65 K
o6rolg~1.dll Mon Dec 20 2004 8:25:30p ..S.R 222,865 217.64 K
oibcint.dll Sun Nov 28 2004 8:13:40p ..S.R 226,248 220.95 K
tdbyuv.dll Sat Nov 27 2004 10:47:44a ..S.R 225,944 220.65 K

11 items found: 11 files, 0 directories.
Total of file sizes: 2,474,512 bytes 2.36 M

------------ Strings.exe Qoologic Results ------------


-------------- Strings.exe Aspack Results -------------

F:\WINDOWS\system32\ntdll.dll: .aspack

----------------- HKLM Run Key ------------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="\"F:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"ccRegVfy"="\"F:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"


#2
Guest_thatman_*

Hi TheShadowElite

(1) Be sure you're able to view hidden files and folders

(2) Click the HijackThis Guide in my signature, and follow the instructions in the guide.


kc :tazz: