Something blocking ads on web pages

Discussion in 'Computer Support' started by Caaagh, Oct 19, 2003.

  1. Caaagh

    Caaagh Guest

    Hi
    I am really puzzled. I seem to get frequently blank areas of web pages
    which have the red cross "Action Cancelled" in them rather than what I think
    is an advert for another web site.

    I would actually prefer the adverts! I don't like censorship and prefer to
    make my own choice of ignoring things rather than being made to do it.

    I have downloaded stuff in the past, and think this must have slipped in
    somewhere. The only trouble is I can't figure out what the program is and
    there doesn't seem to be any obvious ad-blocking software running on my
    system.

    Here is the HijackThis logfile for you to take a look at - and any
    help/advice would be most gratefully received!
    Thanks a lot
    Sheila
    (remove the **NOSPAM** to reply)

    Logfile of HijackThis v1.97.3
    Scan saved at 17:25:00, on 19/10/2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\System32\rundll32.exe
    C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
    C:\WINDOWS\System32\NotifyPhoneBook.exe
    C:\Program Files\Wsr\WinsysRsr.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\WINDOWS\twain_32\PUSH650C.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
    C:\Program Files\Outlook Express\msimn.exe
    C:\unzipped\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://www.systemaxpc.co.uk/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext =
    http://www.systemaxpc.co.uk/
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
    Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [WinsysRsr] C:\Program Files\Wsr\WinsysRsr.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
    Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser
    Mouse\1.0\lwbwheel.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
    /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft
    ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
    Office\Office10\OSA.EXE
    O4 - Global Startup: PUSH650C.lnk = C:\WINDOWS\twain_32\PUSH650C.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program
    Files\WinZip\WZQKPICK.EXE
    O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone
    Labs\ZoneAlarm\zonealarm.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel -
    res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Create Mobile Favorite (HKLM)
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
    O14 - IERESET.INF: START_PAGE_URL=http://www.systemaxpc.co.uk/
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX
    Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl
    Class) - http://216.249.24.141/code/PWActiveXImgCtl.CAB
    O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446}
    (IntraLaunch.MainControl) - file://D:\Resources\IntraLaunch.CAB
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry
    Information Class) -
    http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) -
    http://www.live365.com/players/play365.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
    http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 -
    HKLM\System\CCS\Services\Tcpip\..\{A007A159-2F3C-45E7-ACD0-A856F6848CED}:
    NameServer = 195.8.69.7 195.8.69.12
     
    Caaagh, Oct 19, 2003
    #1
    1. Advertisements

  2. Caaagh

    °Mike° Guest

    "Action Canceled" in what would normally be an advert
    spot, is a sign that you have the domain in your restricted
    sites zone, or in your hosts file. Before I go through your
    HijackThis log, do you have a hosts file (no extension)?


     
    °Mike°, Oct 19, 2003
    #2
    1. Advertisements

  3. Caaagh

    Caaagh Guest

    You've foxed me there! I did a search and found two

    C:\I386 - 734 bytes (734 bytes)
    Created 08 April 2003, 11:12:24, modified 18 August 2001, 13:00:00, accessed
    19 October 2003, 19:03:00


    C:\WINDOWS\system32\drivers\etc - 26.0 KB (26,628 bytes) -
    Created 26 February 2003, 10:41:07, modified 25 July 2003, 15:24:56 accessed
    19 October 2003, 19:03:41

    I've also got one with with the extension .svr.
    Hope this helps!
    This happens on lots of web sites, not just one or two.
    Thanks a lot
    Sheila

     
    Caaagh, Oct 19, 2003
    #3
  4. Caaagh

    °Mike° Guest

    What is the contents of the hosts file in
    C:\WINDOWS\system32\drivers\etc ?

    It's 26KB, so there must be quite a few entries
    in it, and this may be what's blocking the ads.


    <snip>
     
    °Mike°, Oct 19, 2003
    #4
  5. Caaagh

    Caaagh Guest

    Absolutely loads of stuff - I opened it in Wordpad.
    The first few entries are :
    # localhost: Needs to stay like this to work

    127.0.0.1 localhost

    # KaZaA related:

    127.0.0.1 desktop.kazaa.com

    127.0.0.1 www.altnetp2p.com

    127.0.0.1 alpha.kazaa.com

    This does make sense as I think the blocking started after I got into Kazaa
    Lite! Can I just delete the whole file???

    Really appreciate your help!

    Sheila
     
    Caaagh, Oct 19, 2003
    #5
  6. Caaagh

    °Mike° Guest

    Yes, that's what is blocking the adverts. What it is doing
    is reading the hosts file before using DNS, and the addresses
    that are set to 127.0.0.1 are pointed to your machine,
    which is what 127.0.0.1 is. Take a look here:
    http://accs-net.com/hosts/
    http://accs-net.com/hosts/what_is_hosts.html

    If you REALLY want to remove this ad/cookie blocking, you
    should rename the hosts file, rather than delete everything.
    The hosts file is not actually necessary, so it's ok to rename
    it to, say, hosts.bak , or whatever you choose.


     
    °Mike°, Oct 19, 2003
    #6
  7. Caaagh

    Caaagh Guest

    It worked!!!
    Thank you so much Mike!!!!!
    Sheila
     
    Caaagh, Oct 19, 2003
    #7
  8. Caaagh

    °Mike° Guest

    You're welcome.


    <snip>
     
    °Mike°, Oct 19, 2003
    #8
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.