I have got Find It and Kill Box d/led and extracted, i just need to know what to delete so i don't have to reinstall Xp on this [bleep] of a computer.
Do not remove anything unless you are sure you know what you're doing.
Find.bat is running from: F:\Documents and Settings\Mom\Desktop\FindIt\Find It NT-2K-XP
------- System Files in System32 Directory -------
Volume in drive F has no label.
Volume Serial Number is 6CA9-5954
Directory of F:\WINDOWS\System32
12/20/2004 08:25 PM 222,865 o6rolg9316.dll
12/20/2004 06:02 PM <DIR> dllcache
12/20/2004 04:43 PM 225,315 lv8209loe.dll
12/20/2004 11:49 AM 225,495 m6polg7316.dll
11/28/2004 08:20 PM 226,248 lvl0093me.dll
11/28/2004 08:13 PM 226,248 oibcint.dll
11/28/2004 08:01 PM 225,944 nilanui.dll
11/27/2004 10:47 AM 225,944 tdbyuv.dll
11/27/2004 10:05 AM 224,833 j0l40a3qed.dll
11/27/2004 09:50 AM 224,833 mjasn1.dll
11/24/2004 05:45 PM 223,291 lvn0095me.dll
11/24/2004 02:42 PM 223,496 dgraw.dll
08/02/2004 01:34 PM 32 {6A24BCCF-44F8-4115-AE4B-5FF2D0B994EC}.dat
08/02/2004 12:23 PM <DIR> Microsoft
12 File(s) 2,474,544 bytes
2 Dir(s) 69,441,200,128 bytes free
------- Hidden Files in System32 Directory -------
Volume in drive F has no label.
Volume Serial Number is 6CA9-5954
Directory of F:\WINDOWS\System32
12/20/2004 06:02 PM <DIR> dllcache
08/02/2004 01:34 PM 32 {6A24BCCF-44F8-4115-AE4B-5FF2D0B994EC}.dat
08/02/2004 09:14 AM 488 WindowsLogon.manifest
08/02/2004 09:14 AM 488 logonui.exe.manifest
08/02/2004 09:14 AM 749 sapi.cpl.manifest
08/02/2004 09:14 AM 749 nwc.cpl.manifest
08/02/2004 09:14 AM 749 wuaucpl.cpl.manifest
08/02/2004 09:14 AM 749 cdplayer.exe.manifest
08/02/2004 09:14 AM 749 ncpa.cpl.manifest
8 File(s) 4,753 bytes
1 Dir(s) 69,441,200,128 bytes free
---------- Files Named "Guard" -------------
Volume in drive F has no label.
Volume Serial Number is 6CA9-5954
Directory of F:\WINDOWS\System32
12/21/2004 09:43 AM 225,315 guard.tmp
1 File(s) 225,315 bytes
0 Dir(s) 69,441,196,032 bytes free
--------- Temp Files in System32 Directory --------
Volume in drive F has no label.
Volume Serial Number is 6CA9-5954
Directory of F:\WINDOWS\System32
12/21/2004 09:43 AM 225,315 guard.tmp
1 File(s) 225,315 bytes
0 Dir(s) 69,441,191,936 bytes free
---------------- User Agent ------------
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{FD3F922C-4D5F-42FB-B1EB-9F2A4B7E14C8}"=""
------------ Keys Under Notify ------------
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\BITS]
"Asynchronous"=dword:00000000
"DllName"="F:\\WINDOWS\\system32\\lv8209loe.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,33,32,2e,64,6c,6c,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,6e,65,74,2e,64,6c,6c,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,63,6c,67,6e,74,66,79,2e,64,6c,6c,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
------------------ Locate.com Results ------------------
F:\WINDOWS\SYSTEM32\
dgraw.dll Wed Nov 24 2004 2:42:02p ..S.R 223,496 218.26 K
j0l40a~1.dll Sat Nov 27 2004 10:05:24a ..S.R 224,833 219.56 K
lv8209~1.dll Mon Dec 20 2004 4:43:14p ..S.R 225,315 220.03 K
lvl009~1.dll Sun Nov 28 2004 8:20:40p ..S.R 226,248 220.95 K
lvn009~1.dll Wed Nov 24 2004 5:45:48p ..S.R 223,291 218.05 K
m6polg~1.dll Mon Dec 20 2004 11:49:36a ..S.R 225,495 220.21 K
mjasn1.dll Sat Nov 27 2004 9:50:24a ..S.R 224,833 219.56 K
nilanui.dll Sun Nov 28 2004 8:01:08p ..S.R 225,944 220.65 K
o6rolg~1.dll Mon Dec 20 2004 8:25:30p ..S.R 222,865 217.64 K
oibcint.dll Sun Nov 28 2004 8:13:40p ..S.R 226,248 220.95 K
tdbyuv.dll Sat Nov 27 2004 10:47:44a ..S.R 225,944 220.65 K
11 items found: 11 files, 0 directories.
Total of file sizes: 2,474,512 bytes 2.36 M
------------ Strings.exe Qoologic Results ------------
-------------- Strings.exe Aspack Results -------------
F:\WINDOWS\system32\ntdll.dll: .aspack
----------------- HKLM Run Key ------------------
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="\"F:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"ccRegVfy"="\"F:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
Sign In
Create Account
