Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

random.dll + Umonitor

Started by spunog , Jan 23 2005 10:35 AM

  • This topic is locked This topic is locked

#1
spunog
Posted 23 January 2005 - 10:35 AM

spunog

    New Member

  • Member
  • Pip
  • 1 posts
Could someone please help me with this problem. Every time I reboot my machine I get a pop up message saying that ramdom.dll could not be opened . With "Umonitor" beside it. I have run the find it and here is the output. Any help would be greatly appreciated.

Spunog


------- System Files in System32 Directory -------

Volume in drive C has no label.
Volume Serial Number is A0C8-2771

Directory of C:\WINDOWS\System32

01/23/2005 16:06 229,658 dn4m01h1e.dll
01/23/2005 15:38 228,876 l88mlil118q.dll
01/23/2005 14:07 230,330 l4n4le5q1h.dll
01/23/2005 13:00 229,153 kt0ul7d91.dll
01/23/2005 12:58 228,862 ir2ol5f31.dll
01/23/2005 12:56 228,371 fp4o03h3e.dll
01/23/2005 12:22 231,792 OWBCJI32.DLL
01/23/2005 12:20 231,792 n84s0ih7e84.dll
01/23/2005 12:19 228,993 p68qlgl516q.dll
01/23/2005 12:19 <DIR> DLLCACHE
01/23/2005 12:17 231,792 SZCLIENT.DLL
01/23/2005 12:08 230,948 aza80ehueh480.dll
01/23/2005 12:05 230,948 WQAVIDEO.DLL
01/23/2005 12:04 230,494 jt0u07d9e.dll
01/23/2005 11:52 232,039 ir4ql5h51.dll
01/23/2005 11:50 230,494 mptask.dll
01/23/2005 11:49 228,476 p2p6lc7s1f.dll
01/23/2005 11:41 228,476 DHSEC.DLL
01/23/2005 11:41 229,958 o284lclq1fqe.dll
01/23/2005 11:36 228,476 iyss.dll
01/23/2005 11:36 230,195 mvjsl9171.dll
01/23/2005 11:24 232,223 mqdart.dll
01/23/2005 11:24 228,668 o6lu0g39e6.dll
01/23/2005 11:22 228,800 en02l1do1.dll
01/23/2005 11:20 232,223 TREMEUI.DLL
01/22/2005 11:45 232,223 l8p2li7o18.dll
01/22/2005 11:38 232,223 j40s0ed7eh0.dll
01/22/2005 11:35 232,223 t2r80c9uef.dll
01/21/2005 21:20 230,315 irnul5591.dll
07/01/2004 02:48 67,584 bkrll.dll
12/13/2002 19:25 <DIR> Microsoft
29 File(s) 6,516,605 bytes
2 Dir(s) 8,256,815,104 bytes free

------- Hidden Files in System32 Directory -------

Volume in drive C has no label.
Volume Serial Number is A0C8-2771

Directory of C:\WINDOWS\System32

01/23/2005 12:19 <DIR> DLLCACHE
07/01/2004 02:48 67,584 bkrll.dll
09/03/2002 08:57 488 logonui.exe.manifest
09/03/2002 08:57 488 WindowsLogon.manifest
09/03/2002 08:57 749 nwc.cpl.manifest
09/03/2002 08:57 749 sapi.cpl.manifest
09/03/2002 08:57 749 ncpa.cpl.manifest
09/03/2002 08:57 749 cdplayer.exe.manifest
09/03/2002 08:57 749 wuaucpl.cpl.manifest
8 File(s) 72,305 bytes
1 Dir(s) 8,256,815,104 bytes free

------------ Files Named "Guard" ---------------

Volume in drive C has no label.
Volume Serial Number is A0C8-2771

Directory of C:\WINDOWS\System32

01/23/2005 16:08 228,876 guard.tmp
1 File(s) 228,876 bytes
0 Dir(s) 8,256,811,008 bytes free

------ Temp Files in System32 Directory ------

Volume in drive C has no label.
Volume Serial Number is A0C8-2771

Directory of C:\WINDOWS\System32

01/23/2005 16:08 228,876 guard.tmp
08/29/2002 05:00 2,577 CONFIG.TMP
2 File(s) 231,453 bytes
0 Dir(s) 8,256,811,008 bytes free

------------------ User Agent ----------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{426C7383-4775-40B6-B15B-08F8295F96CF}"=""


------------- Keys Under Notify -------------

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Internet Settings]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\l88mlil118q.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"


------------- Locate.com Results -------------

-------- Strings.exe Qoologic Results --------


--------- Strings.exe Aspack Results ---------


-------------- HKLM Run Key ----------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"AdaptecDirectCD"="\"C:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"vptray"="C:\\PROGRA~1\\SYMANT~1\\SYMANT~1\\vptray.exe"
"PaperPort PTD"="C:\\Program Files\\Scansoft\\PaperPort\\pptd40nt.exe"
"IndexSearch"="C:\\Program Files\\Scansoft\\PaperPort\\IndexSearch.exe"
"SetDefPrt"="C:\\Program Files\\Brother\\BRMFLPRO\\BrDefPrt.exe"
"26dd7cd48a79"="C:\\WINDOWS\\System32\\CCFGNT00.exe"
"AcyU"="C:\\WINDOWS\\wojko.exe"
"rndkwlvi"="C:\\WINDOWS\\System32\\rndkwlvi.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"



  • 0

Advertisements

#2
bilko
Posted 23 January 2005 - 11:35 AM

bilko

    Member

  • Member
  • PipPip
  • 35 posts
You certainly have some .dll files there that you shouldn't have.

Goto this link and read it

http://www.geekstogo..._Log-t2852.html

Then post a Hijack this log, in the appropriate section.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP