Problem accessing certain Internet Sites(HijackThis log included)

[anubhab123]

Hi I am currently having a rather weird problem with internet access for my computer.It seems that whenever I try to access certain sites.Specifically ones with security of some sort I cant access.The page just says invalid syntax error and displays the address but with ?%20 in it and then the name of where I was trying to go.I tried to solve the problem by disabling startup items and it didnt work.Then I tried to disable services and win.ini and then system.ini. I disabled pretty much all of those together and it still did not goto the sites it did not go to in the first place.I then tried installing an alternative browser because I was using IE. I installed Mozilla Firefox but somehow whenever I click on it it says connection refused. The weird thing is that I can still access the internet with IE but firefox wont access it for some reason.I turned off most of my antivirus software to make sure it wasnt them yet it still didnt work. One thing I did notice,however, is that if I run it in Safe Mode with networking I can visit secure sites.Is this a hijacker or some sort of trojan? If anyone can help me out it would be greatly appreciated.I ran a scan with Hijackthis so you guys can help me better(if you decide to) Thanks!

 

[HoopaJoop]

this
http://bar.mywebsearch.com/menusearch.html?p=ZNxdm41443US

The web assistant

And this
file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)

May be causing some of your problems.

Have you run spybot, and ad-aware?

 

[Vigilante]

Hello there.
You do want to run Ad-aware and Spybot, make sure you update them first. Also run a virus scan from trendmicro's online scanner, if IE let's you.

In Hijackthis, clean these lines:
R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O8 - Extra context menu item: &Search - mywebsearch p=ZNxdm41443US

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)

O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - musicmatch (file missing)

O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - Ebates_MoeMoneyMaker (file missing) (HKCU)

O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - zonelabs

O20 - AppInit_DLLs: mad.dll

Basically remove the ones with "file missing"

Also run and use BHOCaptor, you'll have to just search for this program and download it. I can't post URLs.
Deactivate any BHOs that look wierd. Likely you'll see one from Acrobat, Norton, Spybot, and maybe Java. But erase the rest.

After all that, another quick check you might do is, in IE, click "help-about" and see what the "Cipher Strength" is. It should be 128bit. If not, then parts of IE's subsystem are not working, namely, some DLLs.

It also sounds like you have a URL hijacker. After doing all this, and before using IE, go into Internet Properties and check your home page URL. Make sure it's not something weird. Change it to google or something.

Most of the time, security related problems are related to Cipher Strength, relating to corrupt or non-registered DLLs. It is also possible you might have LSP software running. Check add/remove programs and make sure "New dot net domains" or "Webhancer" are not there, if so, uninstall them. But Ad-aware and Spybot should clean those up if needs be.

Lastly, it could be an activeX problem. Which is also related to DLL problems. I can help with the DLL fixes but let us know if any of these leads you somewhere first.

Good luck.

(P.S. Because I can't post URLs on first post, I had to strip them)

 

[RealBlackStuff]

Save yourselves all this trouble and go to my post here:
https://www.techspot.com/vb/topic17297.html