Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1414
  • Last Modified:

Can't connect to adwords.google.com or content.overture.com

I feel like my browser has been hijacked, but Ad-Aware and the Microsoft Spyware tool haven't found the problem.
I can browse the Internet as normal with the exception of two sites (that I know of).  http://adwords.google.com and http://www.content.overture.com/d/.  I get a "Page Not Found" error.  I've deleted Temporary Internet files, deleted all cookies, and checked my hosts file at c:\windows\system32\drivers\etc\ (everything is set to 127.0.0.1)  The host file is big, 159K, is that normal?
This just started happening over the last couple of weeks.  I've had this problem before, but have since reinstalled windows XP pro.  I wish I knew what I installed or what site I visited that may have caused this, but I don't.  I need your help to get this straigtened out.  
One interesting note, when I deleted my temporary files and cache, my browser started popping up the window for no connection to the internet, try again and work offline buttons.  I choose try again and I connect just fine.  
Technical stuff:
I'm running windows XP pro Version 2002 SP2
IE 6.00.2900.2180. other junk
My hijack this log is at: http://www.skylovers.org/hijack/hijackthis.log

Thanks in advance-
Jake
0
jake74
Asked:
jake74
  • 4
  • 4
  • 2
  • +1
2 Solutions
 
redseatechnologiesCommented:
Hi jake74

I had a look over your HijackThis log and it looks ok to me

the only 2 things i saw that you could delete were

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL

other than that, have a look in your hosts file at c:\windows\system32\drivers\etc\ again and search for adwords.google.com

you will probably find (due to the large size of your host file) that you have something like supertrick installed.  If you find adwords in the hosts file, just delete that line and then try it again.

Also, for your connection dialog popup - you can get rid of that by going to Internet Explorer>Tools>Internet Options>Connection>Never Dial A Connection

hope that helps

-red
0
 
rburns50Commented:
That hosts file is way too big...default hostfile should be around 700-750 bytes (i.e. not kbytes). I would suggest that you run msconfig.exe, and then click the startup tab and deselect some of the startup programs (maybe 5-10 at a time). Then reboot, and see if the browser works. If not, do the same process, but deselect other startup programs each time, rebooting and checking. THis doesn't remove the registry keys, just disables them for a specific bootup. Once it starts working, narrow it down to one or two startup programs and then delete them using Hijackthis.exe.
0
 
al-hasanCommented:
The size of a hosts file of several kB is alright, 150 kB on the large side, and the default one usually too small. The hosts file can nicely be used to block unwanted ads and nuisance pop-ups. So have a look whether there is an entry like this:
127.0.0.1      adwords.google.com  -> this would block access to this webserver. However usually only the google ads need to be blocked, which would result in:
127.0.0.1      pagead1.googlesyndication.com
...
127.0.0.1      pagead9.googlesyndication.com

The hosts file is a mighty tool to improve your surfing experience. However you should know what is blocked and what you like to see. And with a size of over 159 kB, the overview might be a bit difficult to keep.

Regards,
has.
0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 
jake74Author Commented:
I had a backup hosts file that only contained the first line: 127.0.0.1  localhost.  I renamed that file to be my hosts file and all is well.  The non-working adwords URLs were listed in the 150K hosts file.  
 I'm also removing the entries:
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
from my startup.  Do you guys know what these are?

Jake
0
 
redseatechnologiesCommented:
sorry jake, you can leave both of those processes there

they are part of your creative drivers

-red
0
 
al-hasanCommented:
redseatechnologies: thanks for your fast post. He can surely leave the two registry entries, but he can remove them as well without any problems - agree?

Jake: UpdReg.EXE in the ...\Run key of the registry is used to remind you to register SB Live product:
http://www.spyany.com/files/updreg_exe.html
So if you do not want to register your sound card with Creative, you can safely delete this entry.

REGSVR32.EXE registers Active-X controls and DLL files with the registry of Windows. /S means it will not show to the user what is happening, which is often the case. CT = Creative Technology, ASIO = Audio Stream In/Out. Here is a bit more info:
http://tinyurl.com/csn45
If you need the sound card's recording functionality (or more than the basic sound), you should leave this key as it is.

Regards,
has.
0
 
redseatechnologiesCommented:
al-hasan: he can definately delete them - they simply look like creative propoganda, it wont affect anything important if they are deleted

as for the ctasio, it should only need to be registered once to work, i think creative are just overkilling it by re-registering every boot up - dont you think?

-red
0
 
al-hasanCommented:
redseatechnologies: nice to see we share the same view :-) Thank you!

What is put into the 'Run' key of the registry will be executed with each start of Windows, so basically both entries should not be there. That sound driver gets installed (should be via 'RunOnce' IMHO) and should run. Well, somehow I read on some page it is recommended to leave the REGSVR32.EXE /S CTASIO.DLL part there - but I cannot see any need. On my own computers I clean the registries even more, down to the very essential.

Regards,
has.
0
 
jake74Author Commented:
I don't care about the registration stuff, but it looks like the other bit is needed if I want to record (which I do quite a lot.)
Thanks for all your help! By the way, here's an interesting segment of my big hosts file:

# This MVPS HOSTS file is a free download from:           #
# http://www.mvps.org/winhelp2002/                        #
#                                                         #
# Notes: the browser does not read this "#" symbol        #
# You can create your own notes, after the # symbol       #
# This *must* be the first line: 127.0.0.1     localhost  #
# ********************************************************#
# ------------------Updated: 06-06-04---------------------#
# ********************************************************#
# Entries marked with Parasite or Trojan comments should  #
# be placed in the Internet Explorer Restricted Zone.     #
# http://mvps.org/winhelp2002/restricted.htm              #
#                                                         #
# Entries with other comments are searchable via Google.  #
#                                                         #
# Disclaimer: this file is free to use, however it is NOT #
# permitted to post on any other site without permission. #
# [Misc Add-ons][A - Z]
127.0.0.1 abcsearch.com
127.0.0.1 admin.abcsearch.com
127.0.0.1 www3.abcsearch.com #[Browseraid]
127.0.0.1 www.abcsearch.com
127.0.0.1 abc517.net #[Trojan.Mitglieder.H]
127.0.0.1 acestats.com
...and on and on it goes...

Don't know what app took the liberty to download it and install it for me, but it caused me some grief.  Now I know.

Jake
0
 
redseatechnologiesCommented:
i would be keeping that hosts file

i believe the process of having a hosts file that blocks know advertising sites is supertrick - kazaa lite used to install it, i am sure some other programs do as well.

one interesting thing on that host file tho - it says you first line MUST be 127.0.0.1 localhost - but it isn't

you can change that by making it

# permitted to post on any other site without permission. #
# [Misc Add-ons][A - Z]
127.0.0.1 locahost
127.0.0.1 abcsearch.com
127.0.0.1 admin.abcsearch.com

either way, it is working now

-red
0
 
al-hasanCommented:
>>   i would be keeping that hosts file  <<

red: me too. Guess there is a heap of useful advertisement serving servers (argh, sorry, what a name) listed, and as long as they are sent to the localhost (127.0.0.1) no data from them will be loaded.

Another advantage, apart from blocking ads: I happen to use google for websearches. And I happen to misspell it when typing fast, so I enter:

216.239.57.99        googel
216.239.57.99        googel.com
216.239.57.99        google.com

So all three variants of 'google' will lead to the right server at 216.239.57.99. And if the ISP's DNS server were down, I could still surf to google.

Regards,
has.
0

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

  • 4
  • 4
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now