IE refuses to connect to some URLs

Discussion in 'adware, spyware & hijack cleaning' started by Eric Mejia, Feb 5, 2004.

Thread Status:
Not open for further replies.
  1. Eric Mejia

    Eric Mejia Guest

    There are some particular URLs like
    www.microsoft.com
    www.t1msn.com.mx
    www.zinio.com

    among others. It is like a program catches me when I try to get into one of the URLs above; also, when IE tries to access the site and cannot reach it, IE directs me to a search engine like the mywebsearch or msnsearch engines. I realized that this is a hijack problem because I use a laptop at the same time on the same connection and I am able to connect to those sites.
    I already ran Ad-aware, Spybot and HijackThis and the problem persists.
    I also installed Netscape version 7 (my IE version is actually 6.026) and Netscape has the same problem.
    Please let me know what else I can do to resolve this problem.

    Best Regards...
    Eric Mejia
     
  2. Eric Mejia

    Eric Mejia Guest

    Please Help with HijackThis Log File

    Logfile of HijackThis v1.97.7
    Scan saved at 12:06:20 p.m., on 05/02/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
    D:\ARCHIV~2\MICROS~2\MSSQL\binn\sqlservr.exe
    D:\Archivos de programa\Microsoft Analysis Services\Bin\msmdsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\qttask.exe
    C:\ARCHIV~1\NORTON~1\navapw32.exe
    C:\Archivos de programa\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
    C:\Archivos de programa\Winamp\Winampa.exe
    C:\ARCHIV~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    C:\Archivos de programa\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
    C:\Archivos de programa\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Archivos de programa\Messenger\msmsgs.exe
    C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe
    C:\Archivos de programa\Microsoft ActiveSync\WCESCOMM.EXE
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Archivos de programa\Expedience LinkMonitor\LinkMonitor.exe
    D:\Archivos de programas\Sony Corporation\Image Transfer\SonyTray.exe
    C:\Archivos de programa\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Archivos de programa\Sony\VAIO Action Setup\VAServ.exe
    C:\Archivos de programa\HOTSYNC.EXE
    C:\Documents and Settings\Eric Mejia\Configuración local\Temp\Directorio temporal 1 para hijackthis.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.esmas.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
    O1 - Hosts: 64.156.188.97 a.rn11.com
    O1 - Hosts: 209.247.153.153 a1669.g.akamai.net
    O1 - Hosts: 66.119.79.135 a248.e.akamai.net
    O1 - Hosts: 192.165.223.241 about.reuters.com
    O1 - Hosts: 148.245.40.205 accigame.banamex.com.mx
    O1 - Hosts: 212.19.215.70 act.greenpeace.org
    O1 - Hosts: 205.138.3.102 ad.doubleclick.net
    O1 - Hosts: 216.73.87.152 ad.terra.doubleclick.net
    O1 - Hosts: 209.225.54.119 ads.adsag.com
    O1 - Hosts: 69.57.136.5 ads.adtomi.com
    O1 - Hosts: 66.98.158.51 ads.cdmetrix.com
    O1 - Hosts: 200.57.34.76 ads.netmx.com.mx
    O1 - Hosts: 64.200.214.173 ads.peel.com
    O1 - Hosts: 66.172.0.26 ads.popupsponsor.com
    O1 - Hosts: 148.244.79.85 ads.ticketmaster.com.mx
    O1 - Hosts: 63.211.210.20 ads.x10.com
    O1 - Hosts: 216.35.70.43 ads.yupimsn.com
    O1 - Hosts: 199.231.130.40 airlines-hotels.com
    O1 - Hosts: 65.54.224.254 alerts.msn.com
    O1 - Hosts: 209.67.27.16 amch.questionmarket.com
    O1 - Hosts: 209.185.12.38 amigos.com
    O1 - Hosts: 66.111.49.73 animewallpapers.com
    O1 - Hosts: 200.53.64.208 antivirus.terra.com.mx
    O1 - Hosts: 192.5.73.105 app.vegas.com
    O1 - Hosts: 209.1.14.11 archive.devx.com
    O1 - Hosts: 64.89.23.131 ars.pinupstarlets.com
    O1 - Hosts: 205.180.85.145 asm5.z1.adserver.com
    O1 - Hosts: 64.157.224.6 avantgo.com
    O1 - Hosts: 209.73.164.146 babelfish.altavista.com
    O1 - Hosts: 209.40.107.224 banners.konouz.net
    O1 - Hosts: 207.21.223.81 bbmundo.com
    O1 - Hosts: 64.159.91.12 beallsflorida.com
    O1 - Hosts: 209.5.104.30 bellagio.admission.com
    O1 - Hosts: 67.29.152.45 beta.alcarria.com
    O1 - Hosts: 216.12.133.68 bidclix.net
    O1 - Hosts: 216.184.171.242 biggestdick.net
    O1 - Hosts: 213.149.225.67 boards2.melodysoft.com
    O1 - Hosts: 66.33.206.56 books.dreambook.com
    O1 - Hosts: 140.186.45.2 books-video.com
    O1 - Hosts: 216.32.229.176 bricks.coupons.com
    O1 - Hosts: 199.106.73.16 bsearch.babycenter.com
    O1 - Hosts: 213.193.18.103 buscador.lycos.es
    O1 - Hosts: 200.53.64.207 buscador.terra.com.mx
    O1 - Hosts: 209.202.216.13 buscar2.terra.com
    O1 - Hosts: 64.12.153.164 busqueda.aol.com.mx
    O1 - Hosts: 216.35.70.55 busqueda.yupimsn.com
    O1 - Hosts: 66.45.2.247 buycostumes.com
    O1 - Hosts: 65.54.244.250 by1fd.bay1.hotmail.msn.com
    O1 - Hosts: 64.4.51.16 calendar.msn.com
    O1 - Hosts: 216.35.70.23 canales.t1msn.com.mx
    O1 - Hosts: 65.61.216.42 casadelrecuerdo.com
    O1 - Hosts: 148.245.207.82 cat.liverpool.com.mx
    O1 - Hosts: 63.251.135.70 ccprod.roving.com
    O1 - Hosts: 64.41.153.10 center.atomz.com
    O1 - Hosts: 66.135.192.148 cgi.ebay.com
    O1 - Hosts: 192.150.22.125 cgim.adobe.com
    O1 - Hosts: 207.68.167.254 chat.msn.com
    O1 - Hosts: 200.10.200.230 chilangolandia.com
    O1 - Hosts: 66.70.107.141 christian.achong.com
    O1 - Hosts: 155.210.58.65 ciberconta.unizar.es
    O1 - Hosts: 200.57.34.78 cinemex.com
    O1 - Hosts: 131.178.11.22 cinemexicano.mty.itesm.mx
    O1 - Hosts: 66.218.69.96 classic.search.yahoo.com
    O1 - Hosts: 63.123.248.11 click.linksynergy.com
    O1 - Hosts: 64.37.199.107 clickserve.cc-dt.com
    O1 - Hosts: 64.12.53.166 clients.mapquest.com
    O1 - Hosts: 128.102.184.30 cmex-www.arc.nasa.gov
    O1 - Hosts: 207.153.254.58 colatz.starmedia.com
    O1 - Hosts: 200.36.219.124 comercial.reforma.com
    O1 - Hosts: 209.25.140.9 comingsoon.alldomains.com
    O1 - Hosts: 66.119.67.120 comprasenusa.mx.terra.com
    O1 - Hosts: 216.147.102.117 cookiegiftbaskets.com
    O1 - Hosts: 64.146.132.17 count.exitexchange.com
    O1 - Hosts: 148.223.155.8 customer-148-223-155-8.uninet.net.mx
    O1 - Hosts: 207.46.241.45 das.microsoft.com
    O1 - Hosts: 207.241.148.80 databases.about.com
    O1 - Hosts: 216.242.178.156 dev.trapezoid.com
    O1 - Hosts: 193.194.158.201 devx.safaribooksonline.com
    O1 - Hosts: 200.23.8.226 dgcnesyp.inegi.gob.mx
    O1 - Hosts: 66.218.71.192 dir.yahoo.com
    O1 - Hosts: 216.239.39.106 directory.google.com
    O1 - Hosts: 66.232.11.78 directstage.directvla.com
    O1 - Hosts: 199.181.133.198 disney.store.go.com
    O1 - Hosts: 200.89.64.14 docencia.med.uchile.cl
    O1 - Hosts: 66.172.0.90 domainlanding.targetwords.com
    O1 - Hosts: 206.16.0.45 download.com.com
    O1 - Hosts: 200.16.36.14 dsrefa01.bital.com.mx
    O1 - Hosts: 66.163.171.145 e.my.yahoo.com
    O1 - Hosts: 216.136.227.7 edit.yahoo.com
    O1 - Hosts: 66.218.71.163 education.yahoo.com
    O1 - Hosts: 66.7.164.219 eicus.com
    O1 - Hosts: 64.29.19.93 elpiter.pitas.com
    O1 - Hosts: 66.113.66.50 embarazohoy.com
    O1 - Hosts: 207.68.177.62 entertainment.msn.com
    O1 - Hosts: 65.108.234.212 es.catholic.net
    O1 - Hosts: 216.92.138.55 es.moda.com
    O1 - Hosts: 207.68.170.122 es.msnusers.com
    O1 - Hosts: 64.58.79.172 es.search.yahoo.com
    O1 - Hosts: 217.12.3.11 es.yahoo.com
    O1 - Hosts: 66.218.75.186 espanol.briefcase.yahoo.com
    O1 - Hosts: 216.136.232.195 espanol.dir.yahoo.com
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Archivos de programa\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Archivos de programa\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Archivos de programa\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
    O4 - HKLM\..\Run: [NAV Agent] C:\ARCHIV~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [HP Lamp] C:\Archivos de programa\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
    O4 - HKLM\..\Run: [MessengerSettings] C:\WINDOWS\regsettings.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Archivos de programa\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\ARCHIV~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [D-Link AirPlus Xtreme G] C:\Archivos de programa\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
    O4 - HKLM\..\Run: [ANIWZCSService] C:\Archivos de programa\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Archivos de programa\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - Startup: HotSync Manager.lnk = C:\Archivos de programa\HOTSYNC.EXE
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: Expedience LinkMonitor.lnk = ?
    O4 - Global Startup: Image Transfer.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = D:\Archivos de Programas\Office10\OSA.EXE
    O4 - Global Startup: Service Manager.lnk = C:\Archivos de programa\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://D:\ARCHIV~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: Crear un favorito móvil (HKLM)
    O9 - Extra 'Tools' menuitem: Crear un favorito móvil... (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .spop: C:\Archivos de programa\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {3A5A2021-0895-11D2-8817-0060089E0724} (GlobalEnglish Learning Technology) - http://corp.globalenglish.com/html/setup/cabs/ge.cab
    O16 - DPF: {5C3A9EA6-4068-46B8-8B5A-692FB10607B1} (IntDialerData Class) - http://www.fotobuscador.com/descarga/DialerData.cab
    O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://zinio.earthc.net/images.zinio.com/reader/isetup.cab
    O16 - DPF: {94118C19-B178-4E43-BBE8-0EFDBB391BDB} (SysWebTelecom Class) - http://www.sponsoradulto.com/SysWebTelecom2.cab
    O16 - DPF: {9B57C630-AA6E-440D-8D44-D34542E5531A} (SendMail Class) - http://www100.placeware.com/etc/static/rapidtps/2003-09-14-21-26-01/MailObjects.cab
    O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {BF116476-3238-4EDA-A2D7-6D6814EF0DEC} (Quicksilver Class) - http://scpwcb.ops.placeware.com/etc/place/SC4-1/tps08/6000-zs/lib/quicksilver.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://photos.msn.com.mx/r/neutral/controls/MsnPUpld.cab?4,0,1323,0
    O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - https://secure.directvla.com.mx/viewer/activeXViewer/activexviewer.cab
    O16 - DPF: {D27CDB6E-AE6D-0000-0000-000000000000} - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://globalenglish2.webex.com/client/latest/webex/ieatgpc.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
     
  3. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Re: Please Help with HijackThis Log File

    Hi Eric,

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Archivos de programa\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Archivos de programa\MyWebSearch\bar\1.bin\MWSBAR.DLL

    O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Archivos de programa\MyWebSearch\bar\1.bin\MWSBAR.DLL

    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\ARCHIV~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

    O4 - Startup: PowerReg Scheduler.exe

    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab

    O16 - DPF: {94118C19-B178-4E43-BBE8-0EFDBB391BDB} (SysWebTelecom Class) - http://www.sponsoradulto.com/SysWebTelecom2.cab

    O16 - DPF: {BF116476-3238-4EDA-A2D7-6D6814EF0DEC} (Quicksilver Class) - http://scpwcb.ops.placeware.com/etc/place/SC4-1/tps08/6000-zs/lib/quicksilver.cab

    Then reboot and delete:
    C:\Archivos de programa\MyWebSearch <= entire folder

    That leaves a few I'm curious about:
    Some of the O1 entries look odd.
    Where did you get that hosts file?

    And I don't know what this does:
    O4 - HKLM\..\Run: [MessengerSettings] C:\WINDOWS\regsettings.exe

    Regards,

    Pieter
     
  4. Eric Mejia

    Eric Mejia Guest

    Hi Pieter

    Thank you very much for your help. Yes, all the O1s are the answer to this problem. After running HijackThis I received a message saying something about a problem with the O1s in the hosts file, so what I did was remove the hosts file and replace it with a clean one. That resolved the problem with the URLs not being accessible.

    Again Thank you very much for your help.
    Eric.
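
An added example, not part of the original thread: one way to triage the `O1 - Hosts:` lines of a HijackThis log, separating loopback or null-routed entries and LAN addresses from entries that pin a hostname to a routable address, which are the ones to compare against a fresh DNS lookup. The sample log, the function names and the grouping are assumptions made for this illustration; a routable address is only a reason to review the entry, not proof of a hijack.

```python
import ipaddress
import re

# Constructed sample in HijackThis log format; none of these lines come from the thread.
SAMPLE_LOG = """\
Logfile of HijackThis (constructed sample)
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 0.0.0.0 ads.example.net
O1 - Hosts: 203.0.113.10 www.example.com
O1 - Hosts: 198.51.100.7 search.example.org
O1 - Hosts: 10.0.0.5 intranet.example.lan
O1 - Hosts: not-an-ip broken.example.com
O4 - Startup: example.exe
"""

O1_RE = re.compile(r"^\s*O1 - Hosts:\s+(\S+)\s+(\S+)")
# Explicit RFC 1918 ranges: ipaddress's is_private also covers documentation ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify_o1(log_text):
    """Group O1 hosts entries as sinkhole, local, pinned or malformed."""
    result = {"sinkhole": [], "local": [], "pinned": [], "malformed": []}
    for line in log_text.splitlines():
        m = O1_RE.match(line)
        if not m:
            continue  # not a hosts entry (R0, O2, O4, ...)
        addr, host = m.groups()
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            result["malformed"].append((addr, host))
            continue
        if ip.is_loopback or ip.is_unspecified:
            result["sinkhole"].append((addr, host))  # typical ad-block style entry
        elif ip.is_link_local or any(ip in net for net in RFC1918):
            result["local"].append((addr, host))     # LAN name, usually deliberate
        else:
            result["pinned"].append((addr, host))    # overrides DNS with a routable IP
    return result

def pinned_under(result, domain):
    """Pinned entries for `domain` itself or any of its subdomains."""
    domain = domain.lower()
    return [(a, h) for a, h in result["pinned"]
            if h.lower() == domain or h.lower().endswith("." + domain)]

if __name__ == "__main__":
    for kind, entries in classify_o1(SAMPLE_LOG).items():
        print(kind, entries)
```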
     
  5. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    My pleasure, Eric. :)

    I'm curious about that regsettings.exe though.
    Could you mail it to the address in my profile, please?

    TIA,

    Pieter
     