
UMonitor Problem



#16
admin


    Founder Geek

  • Administrator
  • 24,504 posts
We're in the process of moving to a new server. It will be up later today, or tomorrow. :tazz:

Here's an alternative link:
http://home.planet.n...wareinfoen.html

#17
da1


    New Member

  • Member
  • 2 posts
I am having a similar problem. Every page I access, I get redirected to 'http://69.20.62.53/dns.php?url=enteredwebsite.com'

Here is my FindIt Log:

Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

------- System Files in System32 Directory -------

Volume in drive C is MY DRIVE
Volume Serial Number is 0C66-1DE4

Directory of C:\WINDOWS\System32

01/30/2005 06:41 PM 224,962 nfapi32.dll
01/30/2005 06:39 PM 222,936 lv8809lue.dll
01/30/2005 06:17 PM 224,962 e6202gfmg62a2.dll
01/30/2005 06:12 PM 224,290 sevsvc.dll
01/30/2005 05:12 PM 222,936 vzsapi.dll
01/30/2005 05:12 PM 223,385 lv4409hqe.dll
01/30/2005 02:49 PM 223,986 lvnu0959e.dll
01/30/2005 10:52 AM 222,936 mzrui.dll
01/30/2005 02:54 AM 224,637 spdoclc.dll
01/29/2005 06:08 PM 223,999 aza80a7ued.dll
01/29/2005 04:13 PM 225,689 hr2605fse.dll
01/29/2005 04:13 PM 225,064 rYschap.dll
01/29/2005 04:00 PM 223,717 d4j00e1meh.dll
01/29/2005 03:52 PM 223,118 kt2ul7f91.dll
01/29/2005 03:44 PM 223,813 hrr6059se.dll
01/29/2005 03:17 PM 223,137 lvj0091me.dll
01/29/2005 03:11 PM 223,923 hr0805due.dll
01/29/2005 02:58 PM 223,773 hrn6055se.dll
01/29/2005 02:53 PM 223,522 g4040edqeh0e0.dll
01/29/2005 02:42 PM 224,339 en22l1fo1.dll
01/29/2005 02:15 PM 223,733 hrj6051se.dll
01/29/2005 01:33 PM 223,118 aza40ehqeh4e0.dll
01/29/2005 01:02 PM 223,118 g4400ehmeh4a0.dll
01/29/2005 12:57 PM 223,118 en0ol1d31.dll
01/29/2005 12:38 PM 223,118 hrpq0575e.dll
01/29/2005 12:32 PM 223,118 hrrs0597e.dll
01/29/2005 12:30 PM 223,118 hr0q05d5e.dll
01/29/2005 03:32 AM 223,682 hrrq0595e.dll
01/29/2005 03:32 AM 224,609 azaml5711.dll
01/29/2005 03:29 AM 223,562 k4440ehqeh4e0.dll
01/29/2005 03:23 AM 223,933 hrj8051ue.dll
01/29/2005 03:02 AM 225,260 aza8lgfu1628.dll
01/29/2005 02:58 AM 223,452 i4lo0e33eh.dll
01/29/2005 02:48 AM 224,323 ir02l5do1.dll
01/29/2005 02:44 AM 223,552 j4l40e3qeh.dll
01/29/2005 12:43 AM 223,983 hr6805jue.dll
01/29/2005 12:12 AM 223,903 hr8s05l7e.dll
01/29/2005 12:02 AM 225,451 l62slgf7162.dll
01/28/2005 11:28 PM 224,039 irn0l55m1.dll
01/28/2005 11:28 PM 222,984 mawsock.dll
01/28/2005 11:07 PM 222,996 o6pqlg7516.dll
01/28/2005 10:58 PM 223,149 s288lclu1fq8.dll
01/28/2005 10:28 PM 225,472 e602lgdo160c.dll
01/28/2005 09:24 PM 224,808 q0ps0a77ed.dll
01/28/2005 03:03 PM 226,079 azau0559e.dll
01/28/2005 02:54 PM 225,763 hrnu0559e.dll
01/28/2005 02:51 PM 225,643 hrl8053ue.dll
01/28/2005 02:46 PM 224,808 irj0l51m1.dll
01/28/2005 04:42 AM 224,808 f40o0ed3eh0.dll
01/27/2005 10:42 PM 225,598 s0rs0a97ed.dll
01/27/2005 10:32 PM 225,498 r0r60a9sed.dll
01/27/2005 09:57 PM 224,808 wgdap32.dll
01/27/2005 07:39 PM 224,808 p06s0aj7edo.dll
01/27/2005 04:01 PM 224,808 lv4m09h1e.dll
01/27/2005 01:37 AM 224,808 hrjs0517e.dll
01/26/2005 10:45 PM 224,808 hrr4059qe.dll
01/26/2005 09:55 PM 225,102 n4r20e9oeh.dll
01/26/2005 09:42 PM 224,808 j64olgh3164.dll
01/26/2005 07:15 PM 226,173 ktpul7791.dll
01/26/2005 05:59 PM 225,948 irpml5711.dll
01/25/2005 11:33 PM 225,238 j0l40a3qed.dll
01/25/2005 08:02 PM 225,793 az1mlg5116.dll
01/25/2005 06:28 PM 224,053 m628lgfu1628.dll
01/25/2005 05:56 PM 224,053 aza009fme.dll
01/25/2005 04:20 PM 224,053 h6l2lg3o16.dll
01/25/2005 04:10 PM 223,924 lvro0993e.dll
01/25/2005 01:06 PM 225,360 j6l4lg3q16.dll
01/25/2005 12:58 PM 223,953 lv2009fme.dll
01/25/2005 12:14 PM 223,924 f60olgd3160.dll
01/24/2005 10:42 PM 222,788 azamlg5116.dll
01/24/2005 08:16 PM 223,863 irp0l57m1.dll
01/24/2005 06:15 PM 224,339 ennql1551.dll
01/24/2005 04:42 PM 222,972 l48m0el1ehq.dll
01/24/2005 12:06 PM 224,570 r28slcl71fq.dll
01/24/2005 09:52 AM 225,644 o4ro0e93eh.dll
01/24/2005 02:41 AM 223,006 q6rqlg9516.dll
01/23/2005 10:14 PM 222,883 ennol1531.dll
01/23/2005 07:50 PM 223,123 enl8l13u1.dll
01/23/2005 03:42 PM 6,131 KGyGaAvL.sys
01/23/2005 03:06 PM 226,122 i6nmlg5116.dll
01/23/2005 02:59 PM 225,836 r0p80a7ued.dll
01/23/2005 12:13 AM 225,970 m2julc191f.dll
01/22/2005 11:31 PM 225,811 hr4805hue.dll
01/22/2005 03:35 PM 224,555 lvr6099se.dll
01/22/2005 01:14 PM 224,157 hr2u05f9e.dll
01/22/2005 11:51 AM 56 16CA919EAB.sys
01/22/2005 11:06 AM 223,686 l4n40e5qeh.dll
01/20/2005 07:48 PM <DIR> Microsoft
01/20/2005 02:54 PM <DIR> dllcache
06/25/2002 07:06 PM 167,013 navprotect.exe
06/25/2002 07:06 PM 76,287 mcafeshield.exe
06/25/2002 07:06 PM 70,195 navupdaters.exe
06/25/2002 07:06 PM 91,136 Sygate.exe
06/25/2002 07:06 PM 69,077 npfw32.exe
92 File(s) 19,544,562 bytes
2 Dir(s) 6,268,223,488 bytes free

------- Hidden Files in System32 Directory -------

Volume in drive C is MY DRIVE
Volume Serial Number is 0C66-1DE4

Directory of C:\WINDOWS\System32

01/30/2005 06:56 PM 4,212 zllictbl.dat
01/30/2005 06:41 PM 527 vsconfig.xml
01/23/2005 03:42 PM 6,131 KGyGaAvL.sys
01/22/2005 11:51 AM 56 16CA919EAB.sys
01/20/2005 03:22 PM 488 WindowsLogon.manifest
01/20/2005 03:22 PM 488 logonui.exe.manifest
01/20/2005 03:22 PM 749 wuaucpl.cpl.manifest
01/20/2005 03:22 PM 749 ncpa.cpl.manifest
01/20/2005 03:22 PM 749 sapi.cpl.manifest
01/20/2005 03:22 PM 749 nwc.cpl.manifest
01/20/2005 03:22 PM 749 cdplayer.exe.manifest
01/20/2005 02:54 PM <DIR> dllcache
06/25/2002 07:06 PM 167,013 navprotect.exe
06/25/2002 07:06 PM 70,195 navupdaters.exe
06/25/2002 07:06 PM 69,077 npfw32.exe
06/25/2002 07:06 PM 91,136 Sygate.exe
06/25/2002 07:06 PM 76,287 mcafeshield.exe
16 File(s) 489,355 bytes
1 Dir(s) 6,268,223,488 bytes free

---------- Files Named "Guard" -------------

Volume in drive C is MY DRIVE
Volume Serial Number is 0C66-1DE4

Directory of C:\WINDOWS\System32


--------- Temp Files in System32 Directory --------

Volume in drive C is MY DRIVE
Volume Serial Number is 0C66-1DE4

Directory of C:\WINDOWS\System32

07/09/2004 04:27 AM 381,952 SET2F.tmp
01/22/2003 09:26 PM 221,216 VISe051.TMP
06/25/2002 07:05 PM 338,944 OLD3E.tmp
06/25/2002 07:02 PM 2,577 CONFIG.TMP
4 File(s) 944,689 bytes
0 Dir(s) 6,268,223,488 bytes free

---------------- User Agent ------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{5E682B99-77D3-42C6-BAE1-5078E7E8B7F5}"=""


------------ Keys Under Notify ------------

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,33,32,2e,64,6c,6c,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,6e,65,74,2e,64,6c,6c,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\policies]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\e6202gfmg62a2.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,63,6c,67,6e,74,66,79,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ShellCompatibility]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


---------------- Xfind Locked Files -----------------


-------------- XFind Qoologic Results --------------


-------------- XFind Aspack Results ---------------


-------------- Locate.com Results ---------------

#18
da1


    New Member

  • Member
  • 2 posts
And here is my HijackThis log:

Logfile of HijackThis v1.97.7
Scan saved at 7:17:07 PM, on 1/30/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\WINDOWS\System32\ZoneLabs\vsmon.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\WINDOWS\System32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\progra~1\hijackthis\hijackthis.exe

O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O2 - BHO: (no name) - {947C1CA4-C814-F315-B53E-3AC5A7A573DC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet2\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet2\jc_link.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .mpe: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: ppctlcab - http://ppupdates.ca....er/ppctlcab.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca....r/axscanner.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {5334504D-9980-0010-8000-00AA00389B71} - http://download.micr...44/mpg4sdmo.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.co...clean_micro.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab




plz help me cuz i am going insane