Metallica had just wanted me to download the Finditnt2000xp and then send the log file in here.
Would you please check and help me? I don't know what to do and I am really getting bored of this s***.
Thanks Metallica, and thank you all in advance.
--------------------------------------------------------------------------------------------
Find.bat is running from: C:\Documents and Settings\sales team\My Documents\Programs\Virus\finditnt2000xp\Find It NT-2K-XP
------- System Files in System32 Directory -------
Volume in drive C has no label.
Volume Serial Number is 5089-55FE
Directory of C:\WINDOWS\System32
14.01.05 09:33 225.615 abtxprxy.dll
13.01.05 11:45 226.247 hrj8051ue.dll
12.01.05 17:03 225.615 g4220efoeh2c0.dll
03.01.05 16:36 <DIR> dllcache
30.12.04 09:20 225.197 ogbctrac.dll
29.12.04 14:12 135 fhrpath.txt
28.12.04 11:02 224.031 hr4405hqe.dll
28.12.04 09:59 225.197 wjps.dll
28.12.04 09:38 224.031 HQIMON.DLL
25.12.04 14:15 10.022 KGyGaAvL.sys
22.12.04 16:15 225.447 lv2u09f9e.dll
21.12.04 09:09 224.235 mukbcoin.dll
17.12.04 13:03 224.954 t8r8li9u18.dll
17.12.04 09:43 224.994 o8luli3918.dll
13.12.04 09:19 225.150 gp2ml3f11.dll
10.12.04 09:44 225.150 pfrfctrs.dll
06.12.04 13:16 9.386 sysfhr.dat
27.11.04 16:00 226.004 en86l1ls1.dll
14.10.04 13:46 <DIR> Microsoft
27.02.04 15:25 61.440 fhrrc.dll
14.04.03 03:00 71.588 sysfhr.sys
19 File(s) 3.304.438 bytes
2 Dir(s) 60.126.834.688 bytes free
------- Hidden Files in System32 Directory -------
Volume in drive C has no label.
Volume Serial Number is 5089-55FE
Directory of C:\WINDOWS\System32
03.01.05 16:36 <DIR> dllcache
29.12.04 14:12 135 fhrpath.txt
25.12.04 14:15 10.022 KGyGaAvL.sys
13.12.04 11:55 488 logonui.exe.manifest
13.12.04 11:55 488 WindowsLogon.manifest
13.12.04 11:55 749 cdplayer.exe.manifest
13.12.04 11:55 749 sapi.cpl.manifest
13.12.04 11:55 749 nwc.cpl.manifest
13.12.04 11:55 749 ncpa.cpl.manifest
13.12.04 11:55 749 wuaucpl.cpl.manifest
06.12.04 13:16 9.386 sysfhr.dat
14.04.03 03:00 71.588 sysfhr.sys
11 File(s) 95.852 bytes
1 Dir(s) 60.126.830.592 bytes free
------------ Files Named "Guard" ---------------
Volume in drive C has no label.
Volume Serial Number is 5089-55FE
Directory of C:\WINDOWS\System32
------ Temp Files in System32 Directory ------
Volume in drive C has no label.
Volume Serial Number is 5089-55FE
Directory of C:\WINDOWS\System32
------------------ User Agent ----------------
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{183BC4E8-8242-43B4-B0CD-FD0DD22BE27B}"=""
------------- Keys Under Notify -------------
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Installer]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\g4220efoeh2c0.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
------------- Locate.com Results -------------
C:\WINDOWS\SYSTEM32\
abtxprxy.dll Fri 14 Jan 2005 9:33:58 ..S.R 225.615 220,32 K
cdplay~1.man Mon 13 Dec 2004 11:55:08 A..HR 749 0,73 K
en86l1~1.dll Sat 27 Nov 2004 16:00:28 ..S.R 226.004 220,71 K
fhrpath.txt Wed 29 Dec 2004 14:12:46 A.SH. 135 0,13 K
g4220e~1.dll Wed 12 Jan 2005 17:03:08 ..S.R 225.615 220,32 K
gp2ml3~1.dll Mon 13 Dec 2004 9:19:06 ..S.R 225.150 219,87 K
hqimon.dll Tue 28 Dec 2004 9:38:10 ..S.R 224.031 218,78 K
hr4405~1.dll Tue 28 Dec 2004 11:02:48 ..S.R 224.031 218,78 K
hrj805~1.dll Thu 13 Jan 2005 11:45:14 ..S.R 226.247 220,94 K
kgygaavl.sys Sat 25 Dec 2004 14:15:16 A.SH. 10.022 9,79 K
logonu~1.man Mon 13 Dec 2004 11:55:14 A..HR 488 0,48 K
lv2u09~1.dll Wed 22 Dec 2004 16:15:02 ..S.R 225.447 220,16 K
mukbcoin.dll Tue 21 Dec 2004 9:09:34 ..S.R 224.235 218,98 K
ncpacp~1.man Mon 13 Dec 2004 11:55:08 A..HR 749 0,73 K
nwccpl~1.man Mon 13 Dec 2004 11:55:08 A..HR 749 0,73 K
o8luli~1.dll Fri 17 Dec 2004 9:43:42 ..S.R 224.994 219,72 K
ogbctrac.dll Thu 30 Dec 2004 9:20:30 ..S.R 225.197 219,92 K
pfrfctrs.dll Fri 10 Dec 2004 9:44:06 ..S.R 225.150 219,87 K
sapicp~1.man Mon 13 Dec 2004 11:55:08 A..HR 749 0,73 K
sysfhr.dat Mon 6 Dec 2004 13:16:06 ..SHR 9.386 9,16 K
t8r8li~1.dll Fri 17 Dec 2004 13:03:36 ..S.R 224.954 219,68 K
window~1.man Mon 13 Dec 2004 11:55:14 A..HR 488 0,48 K
wjps.dll Tue 28 Dec 2004 9:59:38 ..S.R 225.197 219,92 K
wuaucp~1.man Mon 13 Dec 2004 11:55:08 A..HR 749 0,73 K
24 items found: 24 files, 0 directories.
Total of file sizes: 3.176.131 bytes 3,03 M
-------- Strings.exe Qoologic Results --------
--------- Strings.exe Aspack Results ---------
C:\WINDOWS\system32\ntdll.dll: .aspack
-------------- HKLM Run Key ----------------
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliType"="\"C:\\Program Files\\Microsoft Hardware\\Keyboard\\type32.exe\""
"NWTRAY"="NWTRAY.EXE"
"ShStatEXE"="\"C:\\Program Files\\Network Associates\\VirusScan\\SHSTAT.EXE\" /STANDALONE"
"McAfeeUpdaterUI"="\"C:\\Program Files\\Network Associates\\Common Framework\\UpdaterUI.exe\" /StartedFromRunKey"
"Network Associates Error Reporting Service"="\"C:\\Program Files\\Common Files\\Network Associates\\TalkBack\\TBMon.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"MyWebSearch Email Plugin"="C:\\PROGRA~1\\MYWEBS~1\\bar\\1.bin\\mwsoemon.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"