Umonitor error on boot up

I receive "An exception occurred while trying to run ""C:\windows\system32\gkrn80n.dll", UMonitor" when I boot up my laptop. Actually the dll that it points to varies but it is always related to UMonitor. I read another post on this issue and followed the directions about running Find It NT-2K-XP. That post said to include the Output.txt file that resulted. My file is below. Can you help? In the past month I have started getting popups, boot up errors, and frequent blue screens. I make my living with this computer and am very concerned.

Thanks

Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

Find.bat is running from: C:\Documents and Settings\Karen\Desktop\PC Fix\Find It NT-2K-XP

------- System Files in System32 Directory -------

Volume in drive C has no label.
Volume Serial Number is 2C0A-4E48

Directory of C:\WINDOWS\System32

01/20/2005 08:08 PM 223,873 lgkrn80n.dll
01/20/2005 04:47 PM 223,873 j0n2la5o1d.dll
01/19/2005 08:14 PM 223,873 e020lafm1d2a.dll
01/18/2005 05:54 PM 223,873 fpp2037oe.dll
01/17/2005 09:45 PM 223,873 ir0ml5d11.dll
01/15/2005 03:47 PM 223,873 KDDTAT.DLL
01/13/2005 07:15 AM 223,873 wvpasf.dll
01/11/2005 10:20 PM 223,399 lvr8099ue.dll
01/11/2005 10:41 AM 223,680 l4n40e5qeh.dll
01/07/2005 06:08 PM 224,371 o4840elqehqe0.dll
01/05/2005 08:07 PM 223,062 lv2o09f3e.dll
01/05/2005 08:03 PM 223,062 Imonlib.dll
01/04/2005 07:24 PM 224,371 RAUTETAB.DLL
12/31/2004 11:55 AM 222,921 irn4l55q1.dll
12/31/2004 11:29 AM 224,401 o084lalq1dqe.dll
12/31/2004 11:21 AM 222,949 e8200ifme82a0.dll
12/31/2004 11:11 AM 224,947 en68l1ju1.dll
12/29/2004 03:22 PM 222,921 IhagXRA7.dll
12/29/2004 03:00 PM 224,777 p6n8lg5u16.dll
12/29/2004 10:33 AM 224,457 k6lqlg3516.dll
12/26/2004 09:43 AM 222,921 lvps0977e.dll
12/25/2004 10:42 PM 222,921 ir2ql5f51.dll
12/24/2004 11:49 PM 224,588 lvn8095ue.dll
12/15/2004 09:41 PM 225,486 o2ro0c93ef.dll
12/15/2004 06:57 PM 223,771 o4pq0e75eh.dll
12/15/2004 08:59 AM 224,881 e0jmla111d.dll
12/15/2004 08:51 AM 224,914 gp4ml3h11.dll
12/13/2004 05:00 PM 223,771 ir2sl5f71.dll
12/13/2004 10:53 AM 223,771 k6no0g53e6.dll
12/11/2004 03:35 PM <DIR> DLLCACHE
12/11/2004 09:37 AM 223,771 t6r80g9ue6.dll
12/11/2004 05:26 AM 223,771 q6pslg7716.dll
12/10/2004 12:19 PM 222,868 t88ulil918q.dll
12/08/2004 07:54 PM 222,868 ABLDial.dll
12/07/2004 04:18 PM 226,005 en2sl1f71.dll
01/15/2004 08:10 AM <DIR> Microsoft
34 File(s) 7,612,736 bytes
2 Dir(s) 14,875,475,968 bytes free

------- Hidden Files in System32 Directory -------

Volume in drive C has no label.
Volume Serial Number is 2C0A-4E48

Directory of C:\WINDOWS\System32

12/11/2004 03:35 PM <DIR> DLLCACHE
04/25/2004 02:10 PM 22,451 FFASTLOG.TXT
09/03/2002 09:57 AM 488 logonui.exe.manifest
09/03/2002 09:57 AM 488 WindowsLogon.manifest
09/03/2002 09:57 AM 749 nwc.cpl.manifest
09/03/2002 09:57 AM 749 sapi.cpl.manifest
09/03/2002 09:57 AM 749 ncpa.cpl.manifest
09/03/2002 09:57 AM 749 cdplayer.exe.manifest
09/03/2002 09:57 AM 749 wuaucpl.cpl.manifest
8 File(s) 27,172 bytes
1 Dir(s) 14,875,471,872 bytes free

------------ Files Named "Guard" ---------------

Volume in drive C has no label.
Volume Serial Number is 2C0A-4E48

Directory of C:\WINDOWS\System32

------ Temp Files in System32 Directory ------

Volume in drive C has no label.
Volume Serial Number is 2C0A-4E48

Directory of C:\WINDOWS\System32

08/29/2002 06:00 AM 2,577 CONFIG.TMP
1 File(s) 2,577 bytes
0 Dir(s) 14,875,471,872 bytes free

------------------ User Agent ----------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{5BF869BA-F7B4-4FFA-9EA1-C15D716E3EE3}"=""

------------- Keys Under Notify -------------

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,33,32,2e,64,6c,6c,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,6e,65,74,2e,64,6c,6c,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,63,6c,67,6e,74,66,79,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Sebring]
"Logoff"="SebringUserLogoff"
"Logon"="SebringUserLogon"
"Impersonate"=dword:00000000
"Dllname"="C:\\WINDOWS\\System32\\LgNotify.dll"
"Asynchronous"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ShellCompatibility]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\e020lafm1d2a.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

------------- Locate.com Results -------------

C:\WINDOWS\SYSTEM32\
abldial.dll Wed Dec 8 2004 7:54:34p ..S.R 222,868 217.64 K
e020la~1.dll Wed Jan 19 2005 8:14:38p ..S.R 223,873 218.63 K
e0jmla~1.dll Wed Dec 15 2004 8:59:32a ..S.R 224,881 219.61 K
e8200i~1.dll Fri Dec 31 2004 11:21:16a ..S.R 222,949 217.72 K
en2sl1~1.dll Tue Dec 7 2004 4:18:46p ..S.R 226,005 220.71 K
en68l1~1.dll Fri Dec 31 2004 11:11:10a ..S.R 224,947 219.67 K
fpp203~1.dll Tue Jan 18 2005 5:54:46p ..S.R 223,873 218.63 K
gp4ml3~1.dll Wed Dec 15 2004 8:51:42a ..S.R 224,914 219.64 K
ihagxra7.dll Wed Dec 29 2004 3:22:26p ..S.R 222,921 217.70 K
imonlib.dll Wed Jan 5 2005 8:03:16p ..S.R 223,062 217.83 K
ir0ml5~1.dll Mon Jan 17 2005 9:45:32p ..S.R 223,873 218.63 K
ir2ql5~1.dll Sat Dec 25 2004 10:42:48p ..S.R 222,921 217.70 K
ir2sl5~1.dll Mon Dec 13 2004 5:00:48p ..S.R 223,771 218.52 K
irn4l5~1.dll Fri Dec 31 2004 11:55:12a ..S.R 222,921 217.70 K
j0n2la~1.dll Thu Jan 20 2005 4:47:48p ..S.R 223,873 218.63 K
k6lqlg~1.dll Wed Dec 29 2004 10:33:12a ..S.R 224,457 219.20 K
k6no0g~1.dll Mon Dec 13 2004 10:54:00a ..S.R 223,771 218.52 K
kddtat.dll Sat Jan 15 2005 3:47:28p ..S.R 223,873 218.63 K
l4n40e~1.dll Tue Jan 11 2005 10:41:28a ..S.R 223,680 218.44 K
lgkrn80n.dll Thu Jan 20 2005 8:08:06p ..S.R 223,873 218.63 K
lv2o09~1.dll Wed Jan 5 2005 8:07:16p ..S.R 223,062 217.83 K
lvn809~1.dll Fri Dec 24 2004 11:49:58p ..S.R 224,588 219.32 K
lvps09~1.dll Sun Dec 26 2004 9:43:24a ..S.R 222,921 217.70 K
lvr809~1.dll Tue Jan 11 2005 10:20:46p ..S.R 223,399 218.16 K
o084la~1.dll Fri Dec 31 2004 11:29:46a ..S.R 224,401 219.14 K
o2ro0c~1.dll Wed Dec 15 2004 9:41:54p ..S.R 225,486 220.20 K
o4840e~1.dll Fri Jan 7 2005 6:08:38p ..S.R 224,371 219.11 K
o4pq0e~1.dll Wed Dec 15 2004 6:57:22p ..S.R 223,771 218.52 K
p6n8lg~1.dll Wed Dec 29 2004 3:00:54p ..S.R 224,777 219.51 K
q6pslg~1.dll Sat Dec 11 2004 5:26:32a ..S.R 223,771 218.52 K
rautetab.dll Tue Jan 4 2005 7:24:04p ..S.R 224,371 219.11 K
t6r80g~1.dll Sat Dec 11 2004 9:37:32a ..S.R 223,771 218.52 K
t88uli~1.dll Fri Dec 10 2004 12:19:42p ..S.R 222,868 217.64 K
wvpasf.dll Thu Jan 13 2005 7:15:52a ..S.R 223,873 218.63 K

34 items found: 34 files, 0 directories.
Total of file sizes: 7,612,736 bytes 7.26 M

-------- Strings.exe Qoologic Results --------

C:\WINDOWS\SYSTEM32\almmap.exe: updates.qoologic.com
C:\WINDOWS\SYSTEM32\niuunz.dll: updates.qoologic.com
C:\WINDOWS\SYSTEM32\qlzzqg.dll: updates.qoologic.com

--------- Strings.exe Aspack Results ---------

C:\WINDOWS\SYSTEM32\gvoogy.exe: .aspack
C:\WINDOWS\SYSTEM32\kwyykq.dat: .aspack
C:\WINDOWS\SYSTEM32\ntdll.dll: .aspack
C:\WINDOWS\SYSTEM32\_000064_.tmp.dll: .aspack
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\ikppiy.exe: .aspack

-------------- HKLM Run Key ----------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /installquiet"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"VSOCheckTask"="\"c:\\PROGRA~1\\mcafee.com\\vso\\mcmnhdlr.exe\" /checktask"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
"VirusScan Online"="c:\\PROGRA~1\\mcafee.com\\vso\\mcvsshld.exe"
"AOL Spyware Protection"="C:\\PROGRA~1\\COMMON~1\\aol\\AOLSPY~1\\AOLSP Scheduler.exe"
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"MPSExe"="c:\\PROGRA~1\\mcafee.com\\mps\\mscifapp.exe /embedding"
"AWMON"="\"C:\\Program Files\\Lavasoft\\Ad-Aware SE Plus\\Ad-Watch.exe\""
"PCMMRealtime"="C:\\Program Files\\PC MightyMax\\pcmm.exe /S"
"Narrator"="C:\\WINDOWS\\system32\\gvoogy.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

#1
kj2322

Posted 20 January 2005 - 07:56 PM

Advertisements

Similar Topics

0 user(s) are reading this topic

As Featured On:

Forums

Downloads

Members

Connect With Us