I'm hoping to get some assistance with UMonitor .dll popup messages on boot and and obnoxious number of popup ads while on the internet.
I've run AdAware & Spybot S&D, but UMonitor problems still remain. I tried to run HijackThis, but kept getting an error at launch that caused it to shut itself down. I did successfully run l2mxfix - here's the log:
Thanks in advance!!
L2MFIX find log 1.02
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Extensions]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINNT\\system32\\m0jula191d.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
**********************************************************************************
useragent:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{8FF883E9-FA93-47B7-83A7-E68CFAD53415}"=""
**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
@="CorelDRAW Shell Extension Component"
"{CE433D33-14CB-42EB-B666-ECBF98C80DD2}"="Draw Property Sheet"
"{6A1122A1-6D55-11D0-9E64-0000C04E5143}"="Mls shell extension"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{7D5C4BDD-B015-4401-8731-1507B87DE297}"="QBVersionTool"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{0AC6C6C5-F7A8-11D2-BEF4-00C04F990001}"="Allaire FTP & RDS"
"{DF503FD0-B424-439B-826B-A2B28B25B711}"=""
**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{DF503FD0-B424-439B-826B-A2B28B25B711}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{DF503FD0-B424-439B-826B-A2B28B25B711}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{DF503FD0-B424-439B-826B-A2B28B25B711}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{DF503FD0-B424-439B-826B-A2B28B25B711}\InprocServer32]
@="C:\\WINNT\\system32\\lkhsvc.dll"
"ThreadingModel"="Apartment"
**********************************************************************************
Files Found are not all bad files:
C:\WINNT\SYSTEM32\
ciodm.dll Thu Nov 4 2004 8:41:52p ..... 68,880 67.27 K
e2jm0c~1.dll Mon Jan 24 2005 2:30:00p ..S.R 223,232 218.00 K
hypertrm.dll Tue Nov 16 2004 2:47:02a ..... 576,784 563.27 K
iepppp.dll Mon Jan 24 2005 10:55:30a A.... 24,576 24.00 K
ihign32.dll Mon Jan 24 2005 2:09:00p ..S.R 223,232 218.00 K
irrsl5~1.dll Mon Jan 24 2005 10:54:32a ..S.R 225,027 219.75 K
lcuuuu.dll Mon Jan 3 2005 9:33:54a A.... 5,632 5.50 K
lkhsvc.dll Mon Jan 24 2005 2:33:42p ..... 223,232 218.00 K
lv2u09~1.dll Mon Jan 3 2005 9:47:04a ..S.R 224,161 218.91 K
m0jula~1.dll Mon Jan 24 2005 2:14:00p ..S.R 223,232 218.00 K
mf43dmod.dll Mon Jan 24 2005 2:21:56p ..S.R 223,232 218.00 K
shdocvw.dll Thu Nov 11 2004 11:20:56p A.... 1,332,224 1.27 M
sp3res.dll Thu Dec 2 2004 6:27:18a ..... 6,272,512 5.98 M
user32.dll Wed Dec 29 2004 1:14:10a A.... 380,688 371.77 K
14 items found: 14 files (6 H/S), 0 directories.
Total of file sizes: 10,226,644 bytes 9.75 M
Locate .tmp files:
C:\WINNT\SYSTEM32\
guard.tmp Mon Jan 24 2005 2:35:44p A.... 223,232 218.00 K
1 item found: 1 file, 0 directories.
Total of file sizes: 223,232 bytes 218.00 K
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is B8C6-530C
Directory of C:\WINNT\System32
01/24/2005 02:29p 223,232 e2jm0c11ef.dll
01/24/2005 02:21p 223,232 mf43dmod.dll
01/24/2005 02:13p 223,232 m0jula191d.dll
01/24/2005 02:08p 223,232 ihign32.dll
01/24/2005 10:54a 225,027 irrsl5971.dll
01/24/2005 09:32a <DIR> dllcache
01/03/2005 09:47a 224,161 lv2u09f9e.dll
6 File(s) 1,342,116 bytes
1 Dir(s) 3,846,844,416 bytes free