Link to home
Start Free TrialLog in
Avatar of jake74
jake74

asked on

Can't connect to adwords.google.com or content.overture.com

I feel like my browser has been hijacked, but Ad-Aware and the Microsoft Spyware tool haven't found the problem.
I can browse the Internet as normal with the exception of two sites (that I know of).  http://adwords.google.com and http://www.content.overture.com/d/.  I get a "Page Not Found" error.  I've deleted Temporary Internet files, deleted all cookies, and checked my hosts file at c:\windows\system32\drivers\etc\ (everything is set to 127.0.0.1)  The host file is big, 159K, is that normal?
This just started happening over the last couple of weeks.  I've had this problem before, but have since reinstalled windows XP pro.  I wish I knew what I installed or what site I visited that may have caused this, but I don't.  I need your help to get this straigtened out.  
One interesting note, when I deleted my temporary files and cache, my browser started popping up the window for no connection to the internet, try again and work offline buttons.  I choose try again and I connect just fine.  
Technical stuff:
I'm running windows XP pro Version 2002 SP2
IE 6.00.2900.2180. other junk
My hijack this log is at: http://www.skylovers.org/hijack/hijackthis.log

Thanks in advance-
Jake
SOLUTION
Avatar of redseatechnologies
redseatechnologies
Flag of Australia image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of rburns50
rburns50

That hosts file is way too big...default hostfile should be around 700-750 bytes (i.e. not kbytes). I would suggest that you run msconfig.exe, and then click the startup tab and deselect some of the startup programs (maybe 5-10 at a time). Then reboot, and see if the browser works. If not, do the same process, but deselect other startup programs each time, rebooting and checking. THis doesn't remove the registry keys, just disables them for a specific bootup. Once it starts working, narrow it down to one or two startup programs and then delete them using Hijackthis.exe.
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of jake74

ASKER

I had a backup hosts file that only contained the first line: 127.0.0.1  localhost.  I renamed that file to be my hosts file and all is well.  The non-working adwords URLs were listed in the 150K hosts file.  
 I'm also removing the entries:
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
from my startup.  Do you guys know what these are?

Jake
sorry jake, you can leave both of those processes there

they are part of your creative drivers

-red
redseatechnologies: thanks for your fast post. He can surely leave the two registry entries, but he can remove them as well without any problems - agree?

Jake: UpdReg.EXE in the ...\Run key of the registry is used to remind you to register SB Live product:
http://www.spyany.com/files/updreg_exe.html
So if you do not want to register your sound card with Creative, you can safely delete this entry.

REGSVR32.EXE registers Active-X controls and DLL files with the registry of Windows. /S means it will not show to the user what is happening, which is often the case. CT = Creative Technology, ASIO = Audio Stream In/Out. Here is a bit more info:
http://tinyurl.com/csn45
If you need the sound card's recording functionality (or more than the basic sound), you should leave this key as it is.

Regards,
has.
al-hasan: he can definately delete them - they simply look like creative propoganda, it wont affect anything important if they are deleted

as for the ctasio, it should only need to be registered once to work, i think creative are just overkilling it by re-registering every boot up - dont you think?

-red
redseatechnologies: nice to see we share the same view :-) Thank you!

What is put into the 'Run' key of the registry will be executed with each start of Windows, so basically both entries should not be there. That sound driver gets installed (should be via 'RunOnce' IMHO) and should run. Well, somehow I read on some page it is recommended to leave the REGSVR32.EXE /S CTASIO.DLL part there - but I cannot see any need. On my own computers I clean the registries even more, down to the very essential.

Regards,
has.
Avatar of jake74

ASKER

I don't care about the registration stuff, but it looks like the other bit is needed if I want to record (which I do quite a lot.)
Thanks for all your help! By the way, here's an interesting segment of my big hosts file:

# This MVPS HOSTS file is a free download from:           #
# http://www.mvps.org/winhelp2002/                        #
#                                                         #
# Notes: the browser does not read this "#" symbol        #
# You can create your own notes, after the # symbol       #
# This *must* be the first line: 127.0.0.1     localhost  #
# ********************************************************#
# ------------------Updated: 06-06-04---------------------#
# ********************************************************#
# Entries marked with Parasite or Trojan comments should  #
# be placed in the Internet Explorer Restricted Zone.     #
# http://mvps.org/winhelp2002/restricted.htm              #
#                                                         #
# Entries with other comments are searchable via Google.  #
#                                                         #
# Disclaimer: this file is free to use, however it is NOT #
# permitted to post on any other site without permission. #
# [Misc Add-ons][A - Z]
127.0.0.1 abcsearch.com
127.0.0.1 admin.abcsearch.com
127.0.0.1 www3.abcsearch.com #[Browseraid]
127.0.0.1 www.abcsearch.com
127.0.0.1 abc517.net #[Trojan.Mitglieder.H]
127.0.0.1 acestats.com
...and on and on it goes...

Don't know what app took the liberty to download it and install it for me, but it caused me some grief.  Now I know.

Jake
i would be keeping that hosts file

i believe the process of having a hosts file that blocks know advertising sites is supertrick - kazaa lite used to install it, i am sure some other programs do as well.

one interesting thing on that host file tho - it says you first line MUST be 127.0.0.1 localhost - but it isn't

you can change that by making it

# permitted to post on any other site without permission. #
# [Misc Add-ons][A - Z]
127.0.0.1 locahost
127.0.0.1 abcsearch.com
127.0.0.1 admin.abcsearch.com

either way, it is working now

-red
>>   i would be keeping that hosts file  <<

red: me too. Guess there is a heap of useful advertisement serving servers (argh, sorry, what a name) listed, and as long as they are sent to the localhost (127.0.0.1) no data from them will be loaded.

Another advantage, apart from blocking ads: I happen to use google for websearches. And I happen to misspell it when typing fast, so I enter:

216.239.57.99        googel
216.239.57.99        googel.com
216.239.57.99        google.com

So all three variants of 'google' will lead to the right server at 216.239.57.99. And if the ISP's DNS server were down, I could still surf to google.

Regards,
has.