Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

HELP! UMonitor issues

Started by TheNimirRaj , Feb 05 2005 04:40 PM

  • Please log in to reply

#1
TheNimirRaj
Posted 05 February 2005 - 04:40 PM

TheNimirRaj

    New Member

  • Member
  • Pip
  • 1 posts
Ok so far I have DL the finditnt2000xp.zip and ran it on the problemed computer. I gave an output which I will put below. Unfortunetly I'm not sure what to do next... Please help!

Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

Find.bat is running from: C:\Documents and Settings\Jana Chapman\Desktop\Find It NT-2K-XP

------- System Files in System32 Directory -------

Volume in drive C has no label.
Volume Serial Number is B831-3EF8

Directory of C:\WINDOWS\System32

02/05/2005 02:45 PM 222,690 oihlp30t.dll
02/05/2005 02:45 PM 222,872 l28m0cl1efq.dll
02/05/2005 02:29 PM 224,483 gprsl3971.dll
02/05/2005 02:13 PM 222,690 kt88l7lu1.dll
02/05/2005 01:36 PM 222,690 s2rslc971f.dll
02/05/2005 01:27 PM 222,690 kt2ql7f51.dll
02/05/2005 04:37 AM 222,690 l08mlal11dq.dll
02/04/2005 10:47 PM 222,857 gp06l3ds1.dll
02/04/2005 04:57 AM 222,690 wlnmp32.dll
02/02/2005 09:07 PM 225,870 h6j40g1qe6.dll
01/26/2005 05:00 AM 225,870 iml8l53u1.dll
01/24/2005 09:17 PM 222,690 fce.dll
01/23/2005 09:03 PM 224,968 h6n0lg5m16.dll
01/22/2005 08:23 PM 225,696 l82s0if7e82.dll
01/22/2005 07:18 PM 224,968 szrrun.dll
01/22/2005 12:06 PM 225,962 owesvr.dll
01/21/2005 06:33 PM 225,948 k6080gdue6080.dll
01/20/2005 04:57 PM 226,227 mvn2l95o1.dll
01/19/2005 04:38 PM 223,896 apdbres.dll
01/18/2005 05:09 PM 224,968 cxbcatex.dll
01/18/2005 04:18 PM 223,896 dbnwsock.dll
01/18/2005 04:37 AM 224,968 syrio800.dll
01/16/2005 11:46 AM 223,951 mevcrt.dll
01/15/2005 06:17 AM 223,896 ismon.dll
01/13/2005 04:22 AM 223,951 IOETWH32.dll
01/12/2005 09:20 PM 223,896 kidsw.dll
01/12/2005 06:02 PM 223,951 iketres.dll
01/09/2005 12:50 PM 223,896 f60olgd3160.dll
01/06/2005 04:06 AM 223,896 o666lgjs16o6.dll
01/05/2005 10:37 PM 223,745 mv68l9ju1.dll
01/05/2005 09:57 PM 6,656 Thumbs.db
01/05/2005 06:28 PM 224,081 i6lo0g33e6.dll
01/05/2005 05:21 AM 224,991 m428lefu1h28.dll
01/03/2005 04:25 PM 223,910 hr6m05j1e.dll
01/02/2005 10:09 PM 223,232 irl8l53u1.dll
12/05/2004 07:34 AM <DIR> DLLCACHE
08/15/2002 08:16 PM <DIR> Microsoft
35 File(s) 7,626,331 bytes
2 Dir(s) 26,578,739,200 bytes free

------- Hidden Files in System32 Directory -------

Volume in drive C has no label.
Volume Serial Number is B831-3EF8

Directory of C:\WINDOWS\System32

02/05/2005 02:12 PM <DIR> wsxsvc
01/05/2005 09:57 PM 6,656 Thumbs.db
12/05/2004 07:34 AM <DIR> DLLCACHE
08/14/2004 04:03 PM 488 WindowsLogon.manifest
08/14/2004 04:03 PM 488 logonui.exe.manifest
08/14/2004 04:03 PM 749 sapi.cpl.manifest
08/14/2004 04:03 PM 749 nwc.cpl.manifest
08/14/2004 04:03 PM 749 cdplayer.exe.manifest
08/14/2004 04:03 PM 749 wuaucpl.cpl.manifest
08/14/2004 04:03 PM 749 ncpa.cpl.manifest
08/09/2004 05:20 PM <DIR> GroupPolicy
8 File(s) 11,377 bytes
3 Dir(s) 26,578,735,104 bytes free

------------ Files Named "Guard" ---------------

Volume in drive C has no label.
Volume Serial Number is B831-3EF8

Directory of C:\WINDOWS\System32


------ Temp Files in System32 Directory ------

Volume in drive C has no label.
Volume Serial Number is B831-3EF8

Directory of C:\WINDOWS\System32

08/18/2001 05:00 AM 2,577 CONFIG.TMP
1 File(s) 2,577 bytes
0 Dir(s) 26,578,735,104 bytes free

------------------ User Agent ----------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{29F5E539-E336-4DB7-8465-4D390698B52D}"=""


------------- Keys Under Notify -------------

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,33,32,2e,64,6c,6c,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,6e,65,74,2e,64,6c,6c,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NetCache]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\s2rslc971f.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,63,6c,67,6e,74,66,79,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


------------- Locate.com Results -------------

-------- Strings.exe Qoologic Results --------

C:\WINDOWS\SYSTEM32\ipspzi.dll: updates.qoologic.com
C:\WINDOWS\SYSTEM32\luiugl.dll: updates.qoologic.com
C:\WINDOWS\SYSTEM32\luxupl.exe: updates.qoologic.com

--------- Strings.exe Aspack Results ---------

C:\WINDOWS\SYSTEM32\ntdll.dll: .aspack
C:\WINDOWS\SYSTEM32\vuquyv.exe: .aspack
C:\WINDOWS\SYSTEM32\wuguqw.dat: .aspack
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\kgfgyk.exe: .aspack

-------------- HKLM Run Key ----------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"Dell|Alert"="C:\\Program Files\\Dell\\Support\\Alert\\bin\\DAMon.exe"
"VSOCheckTask"="\"c:\\PROGRA~1\\mcafee.com\\vso\\mcmnhdlr.exe\" /checktask"
"VirusScan Online"="\"c:\\PROGRA~1\\mcafee.com\\vso\\mcvsshld.exe\""
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
"MPSExe"="c:\\PROGRA~1\\mcafee.com\\mps\\mscifapp.exe /embedding"
"HPHUPD05"="c:\\Program Files\\Hewlett-Packard\\\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\\hphupd05.exe"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HPHmon05"="C:\\WINDOWS\\system32\\hphmon05.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb09.exe"
"zBrowser Launcher"="C:\\Program Files\\Logitech\\iTouch\\iTouch.exe"
"Logitech Utility"="Logi_MwX.Exe"
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"HP Software Update"="\"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe\""
"UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,75,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"


Thank you so much...
TheNimirRaj
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP