IE refuses to connect to some URLs

Discussion in 'adware, spyware & hijack cleaning' started by Eric Mejia, Feb 5, 2004.

Thread Status:
Not open for further replies.
  1. Eric Mejia

    Eric Mejia Guest

    There are some particular URLs like
    www.microsoft.com
    www.t1msn.com.mx
    www.zinio.com

    among others. It is as if a program catches me when I try to reach one of the URLs above. Also, when IE tries to access the site and cannot reach it, IE directs me to a search engine like mywebsearch or msnsearch. I realized that this is a hijack problem because I am using a laptop on the same connection at the same time and I am able to connect to those sites from it.
    I already ran Ad-aware, Spybot and HijackThis and the problem persists.
    I also installed Netscape version 7 (my IE version is actually 6.026), and Netscape has the same problem.
    Please let me know what else I can do to resolve this problem.

    Best Regards...
    Eric Mejia
     
  2. Eric Mejia

    Eric Mejia Guest

    Please Help with HijackThis Log File

    Logfile of HijackThis v1.97.7
    Scan saved at 12:06:20 p.m., on 05/02/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
    D:\ARCHIV~2\MICROS~2\MSSQL\binn\sqlservr.exe
    D:\Archivos de programa\Microsoft Analysis Services\Bin\msmdsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\qttask.exe
    C:\ARCHIV~1\NORTON~1\navapw32.exe
    C:\Archivos de programa\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
    C:\Archivos de programa\Winamp\Winampa.exe
    C:\ARCHIV~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    C:\Archivos de programa\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
    C:\Archivos de programa\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Archivos de programa\Messenger\msmsgs.exe
    C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe
    C:\Archivos de programa\Microsoft ActiveSync\WCESCOMM.EXE
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Archivos de programa\Expedience LinkMonitor\LinkMonitor.exe
    D:\Archivos de programas\Sony Corporation\Image Transfer\SonyTray.exe
    C:\Archivos de programa\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Archivos de programa\Sony\VAIO Action Setup\VAServ.exe
    C:\Archivos de programa\HOTSYNC.EXE
    C:\Documents and Settings\Eric Mejia\Configuración local\Temp\Directorio temporal 1 para hijackthis.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.esmas.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
    O1 - Hosts: 64.156.188.97 a.rn11.com
    O1 - Hosts: 209.247.153.153 a1669.g.akamai.net
    O1 - Hosts: 66.119.79.135 a248.e.akamai.net
    O1 - Hosts: 192.165.223.241 about.reuters.com
    O1 - Hosts: 148.245.40.205 accigame.banamex.com.mx
    O1 - Hosts: 212.19.215.70 act.greenpeace.org
    O1 - Hosts: 205.138.3.102 ad.doubleclick.net
    O1 - Hosts: 216.73.87.152 ad.terra.doubleclick.net
    O1 - Hosts: 209.225.54.119 ads.adsag.com
    O1 - Hosts: 69.57.136.5 ads.adtomi.com
    O1 - Hosts: 66.98.158.51 ads.cdmetrix.com
    O1 - Hosts: 200.57.34.76 ads.netmx.com.mx
    O1 - Hosts: 64.200.214.173 ads.peel.com
    O1 - Hosts: 66.172.0.26 ads.popupsponsor.com
    O1 - Hosts: 148.244.79.85 ads.ticketmaster.com.mx
    O1 - Hosts: 63.211.210.20 ads.x10.com
    O1 - Hosts: 216.35.70.43 ads.yupimsn.com
    O1 - Hosts: 199.231.130.40 airlines-hotels.com
    O1 - Hosts: 65.54.224.254 alerts.msn.com
    O1 - Hosts: 209.67.27.16 amch.questionmarket.com
    O1 - Hosts: 209.185.12.38 amigos.com
    O1 - Hosts: 66.111.49.73 animewallpapers.com
    O1 - Hosts: 200.53.64.208 antivirus.terra.com.mx
    O1 - Hosts: 192.5.73.105 app.vegas.com
    O1 - Hosts: 209.1.14.11 archive.devx.com
    O1 - Hosts: 64.89.23.131 ars.pinupstarlets.com
    O1 - Hosts: 205.180.85.145 asm5.z1.adserver.com
    O1 - Hosts: 64.157.224.6 avantgo.com
    O1 - Hosts: 209.73.164.146 babelfish.altavista.com
    O1 - Hosts: 209.40.107.224 banners.konouz.net
    O1 - Hosts: 207.21.223.81 bbmundo.com
    O1 - Hosts: 64.159.91.12 beallsflorida.com
    O1 - Hosts: 209.5.104.30 bellagio.admission.com
    O1 - Hosts: 67.29.152.45 beta.alcarria.com
    O1 - Hosts: 216.12.133.68 bidclix.net
    O1 - Hosts: 216.184.171.242 biggestdick.net
    O1 - Hosts: 213.149.225.67 boards2.melodysoft.com
    O1 - Hosts: 66.33.206.56 books.dreambook.com
    O1 - Hosts: 140.186.45.2 books-video.com
    O1 - Hosts: 216.32.229.176 bricks.coupons.com
    O1 - Hosts: 199.106.73.16 bsearch.babycenter.com
    O1 - Hosts: 213.193.18.103 buscador.lycos.es
    O1 - Hosts: 200.53.64.207 buscador.terra.com.mx
    O1 - Hosts: 209.202.216.13 buscar2.terra.com
    O1 - Hosts: 64.12.153.164 busqueda.aol.com.mx
    O1 - Hosts: 216.35.70.55 busqueda.yupimsn.com
    O1 - Hosts: 66.45.2.247 buycostumes.com
    O1 - Hosts: 65.54.244.250 by1fd.bay1.hotmail.msn.com
    O1 - Hosts: 64.4.51.16 calendar.msn.com
    O1 - Hosts: 216.35.70.23 canales.t1msn.com.mx
    O1 - Hosts: 65.61.216.42 casadelrecuerdo.com
    O1 - Hosts: 148.245.207.82 cat.liverpool.com.mx
    O1 - Hosts: 63.251.135.70 ccprod.roving.com
    O1 - Hosts: 64.41.153.10 center.atomz.com
    O1 - Hosts: 66.135.192.148 cgi.ebay.com
    O1 - Hosts: 192.150.22.125 cgim.adobe.com
    O1 - Hosts: 207.68.167.254 chat.msn.com
    O1 - Hosts: 200.10.200.230 chilangolandia.com
    O1 - Hosts: 66.70.107.141 christian.achong.com
    O1 - Hosts: 155.210.58.65 ciberconta.unizar.es
    O1 - Hosts: 200.57.34.78 cinemex.com
    O1 - Hosts: 131.178.11.22 cinemexicano.mty.itesm.mx
    O1 - Hosts: 66.218.69.96 classic.search.yahoo.com
    O1 - Hosts: 63.123.248.11 click.linksynergy.com
    O1 - Hosts: 64.37.199.107 clickserve.cc-dt.com
    O1 - Hosts: 64.12.53.166 clients.mapquest.com
    O1 - Hosts: 128.102.184.30 cmex-www.arc.nasa.gov
    O1 - Hosts: 207.153.254.58 colatz.starmedia.com
    O1 - Hosts: 200.36.219.124 comercial.reforma.com
    O1 - Hosts: 209.25.140.9 comingsoon.alldomains.com
    O1 - Hosts: 66.119.67.120 comprasenusa.mx.terra.com
    O1 - Hosts: 216.147.102.117 cookiegiftbaskets.com
    O1 - Hosts: 64.146.132.17 count.exitexchange.com
    O1 - Hosts: 148.223.155.8 customer-148-223-155-8.uninet.net.mx
    O1 - Hosts: 207.46.241.45 das.microsoft.com
    O1 - Hosts: 207.241.148.80 databases.about.com
    O1 - Hosts: 216.242.178.156 dev.trapezoid.com
    O1 - Hosts: 193.194.158.201 devx.safaribooksonline.com
    O1 - Hosts: 200.23.8.226 dgcnesyp.inegi.gob.mx
    O1 - Hosts: 66.218.71.192 dir.yahoo.com
    O1 - Hosts: 216.239.39.106 directory.google.com
    O1 - Hosts: 66.232.11.78 directstage.directvla.com
    O1 - Hosts: 199.181.133.198 disney.store.go.com
    O1 - Hosts: 200.89.64.14 docencia.med.uchile.cl
    O1 - Hosts: 66.172.0.90 domainlanding.targetwords.com
    O1 - Hosts: 206.16.0.45 download.com.com
    O1 - Hosts: 200.16.36.14 dsrefa01.bital.com.mx
    O1 - Hosts: 66.163.171.145 e.my.yahoo.com
    O1 - Hosts: 216.136.227.7 edit.yahoo.com
    O1 - Hosts: 66.218.71.163 education.yahoo.com
    O1 - Hosts: 66.7.164.219 eicus.com
    O1 - Hosts: 64.29.19.93 elpiter.pitas.com
    O1 - Hosts: 66.113.66.50 embarazohoy.com
    O1 - Hosts: 207.68.177.62 entertainment.msn.com
    O1 - Hosts: 65.108.234.212 es.catholic.net
    O1 - Hosts: 216.92.138.55 es.moda.com
    O1 - Hosts: 207.68.170.122 es.msnusers.com
    O1 - Hosts: 64.58.79.172 es.search.yahoo.com
    O1 - Hosts: 217.12.3.11 es.yahoo.com
    O1 - Hosts: 66.218.75.186 espanol.briefcase.yahoo.com
    O1 - Hosts: 216.136.232.195 espanol.dir.yahoo.com
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Archivos de programa\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Archivos de programa\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Archivos de programa\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
    O4 - HKLM\..\Run: [NAV Agent] C:\ARCHIV~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [HP Lamp] C:\Archivos de programa\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
    O4 - HKLM\..\Run: [MessengerSettings] C:\WINDOWS\regsettings.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Archivos de programa\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\ARCHIV~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [D-Link AirPlus Xtreme G] C:\Archivos de programa\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
    O4 - HKLM\..\Run: [ANIWZCSService] C:\Archivos de programa\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Archivos de programa\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - Startup: HotSync Manager.lnk = C:\Archivos de programa\HOTSYNC.EXE
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: Expedience LinkMonitor.lnk = ?
    O4 - Global Startup: Image Transfer.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = D:\Archivos de Programas\Office10\OSA.EXE
    O4 - Global Startup: Service Manager.lnk = C:\Archivos de programa\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://D:\ARCHIV~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: Crear un favorito móvil (HKLM)
    O9 - Extra 'Tools' menuitem: Crear un favorito móvil... (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .spop: C:\Archivos de programa\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {3A5A2021-0895-11D2-8817-0060089E0724} (GlobalEnglish Learning Technology) - http://corp.globalenglish.com/html/setup/cabs/ge.cab
    O16 - DPF: {5C3A9EA6-4068-46B8-8B5A-692FB10607B1} (IntDialerData Class) - http://www.fotobuscador.com/descarga/DialerData.cab
    O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://zinio.earthc.net/images.zinio.com/reader/isetup.cab
    O16 - DPF: {94118C19-B178-4E43-BBE8-0EFDBB391BDB} (SysWebTelecom Class) - http://www.sponsoradulto.com/SysWebTelecom2.cab
    O16 - DPF: {9B57C630-AA6E-440D-8D44-D34542E5531A} (SendMail Class) - http://www100.placeware.com/etc/static/rapidtps/2003-09-14-21-26-01/MailObjects.cab
    O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {BF116476-3238-4EDA-A2D7-6D6814EF0DEC} (Quicksilver Class) - http://scpwcb.ops.placeware.com/etc/place/SC4-1/tps08/6000-zs/lib/quicksilver.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://photos.msn.com.mx/r/neutral/controls/MsnPUpld.cab?4,0,1323,0
    O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - https://secure.directvla.com.mx/viewer/activeXViewer/activexviewer.cab
    O16 - DPF: {D27CDB6E-AE6D-0000-0000-000000000000} - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://globalenglish2.webex.com/client/latest/webex/ieatgpc.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
     
  3. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined: Apr 27, 2002; Posts: 13,440; Location: Netherlands
    Re: Please Help with HijackThis Log File

    Hi Eric,

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Archivos de programa\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Archivos de programa\MyWebSearch\bar\1.bin\MWSBAR.DLL

    O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Archivos de programa\MyWebSearch\bar\1.bin\MWSBAR.DLL

    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\ARCHIV~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

    O4 - Startup: PowerReg Scheduler.exe

    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab

    O16 - DPF: {94118C19-B178-4E43-BBE8-0EFDBB391BDB} (SysWebTelecom Class) - http://www.sponsoradulto.com/SysWebTelecom2.cab

    O16 - DPF: {BF116476-3238-4EDA-A2D7-6D6814EF0DEC} (Quicksilver Class) - http://scpwcb.ops.placeware.com/etc/place/SC4-1/tps08/6000-zs/lib/quicksilver.cab

    Then reboot and delete:
    C:\Archivos de programa\MyWebSearch <= entire folder

    That leaves a few I'm curious about:
    Some of the O1 entries look odd.
    Where did you get that hosts file?

    And I don't know what this does:
    O4 - HKLM\..\Run: [MessengerSettings] C:\WINDOWS\regsettings.exe

    Regards,

    Pieter
     
  4. Eric Mejia

    Eric Mejia Guest

    Hi Pieter

    Thank you very much for your help. Yes, all the O1s are the answer to this problem. After running HijackThis I received a message saying something about a problem with the O1s in the hosts file, so what I did was remove the hosts file and replace it with a clean one. That resolved the problem with the URLs not being accessible.

    Again Thank you very much for your help.
    Eric.
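
Added example, not part of the original thread: a small Python check over HijackThis `O1` lines that separates loopback ad-block entries from entries that pin a hostname to a fixed routable address, the kind of hosts-file entry the post above describes replacing. The function names and the watch-list are assumptions; the two loopback/unspecified sample lines are constructed, the other sample lines are copied from the log in this thread.

```python
import ipaddress
import re

# HijackThis prints each hosts-file entry as "O1 - Hosts: <ip> <hostname>".
O1_RE = re.compile(r"^\s*O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")

# Domains the poster reported as unreachable (assumed watch-list).
WATCHED = ("microsoft.com", "t1msn.com.mx", "zinio.com")

# The 127.0.0.1 and 0.0.0.0 lines are constructed; the rest come from the log.
SAMPLE_LOG = """\
    O1 - Hosts: 205.138.3.102 ad.doubleclick.net
    O1 - Hosts: 216.35.70.23 canales.t1msn.com.mx
    O1 - Hosts: 207.46.241.45 das.microsoft.com
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 0.0.0.0 ads.example.invalid
    O4 - Startup: PowerReg Scheduler.exe
"""


def parse_o1(log_text):
    """Return (ip, hostname) pairs for every well-formed O1 line."""
    entries = []
    for line in log_text.splitlines():
        m = O1_RE.match(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # malformed address: skip rather than guess
        entries.append((ip, m.group(2).lower().rstrip(".")))
    return entries


def review(log_text, watched=WATCHED):
    """List hostnames pinned to a non-loopback address, bypassing DNS."""
    findings = []
    for ip, host in parse_o1(log_text):
        if ip.is_loopback or ip.is_unspecified:
            continue  # 127.0.0.1 / 0.0.0.0: ad-block style sinkhole entry
        hit = any(host == d or host.endswith("." + d) for d in watched)
        findings.append({"host": host, "ip": str(ip), "watched": hit})
    return findings


if __name__ == "__main__":
    for f in review(SAMPLE_LOG):
        print(("CHECK " if f["watched"] else "pinned"), f["ip"], f["host"])
```

A pinned entry is not malicious by itself, but any hit on a watched domain is worth comparing against a fresh DNS lookup from a clean machine.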
     
  5. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    My pleasure, Eric. :)

    I'm curious about that regsettings.exe though.
    Could you mail it to the address in my profile, please?

    TIA,

    Pieter
     