Something blocking ads on web pages

Discussion in 'Computer Support' started by Caaagh, Oct 19, 2003.

  1. Caaagh

    Caaagh Guest

    I am really puzzled. I seem to get frequently blank areas of web pages
    which have the red cross "Action Cancelled" in them rather than what I think
    is an advert for another web site.

    I would actually prefer the adverts! I don't like censorship and prefer to
    make my own choice of ignoring things rather than being made to do it.

    I have downloaded stuff in the past, and think this must have slipped in
    somewhere. The only trouble is I can't figure out what the program is and
    there doesn't seem to be any obvious ad-blocking software running on my

    Here is the HijackThis logfile for you to take a look at - and any
    help/advice would be most gratefully received!
    Thanks a lot
    (remove the **NOSPAM** to reply)

    Logfile of HijackThis v1.97.3
    Scan saved at 17:25:00, on 19/10/2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\Program Files\Wsr\WinsysRsr.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
    C:\Program Files\Outlook Express\msimn.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext =
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
    Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [WinsysRsr] C:\Program Files\Wsr\WinsysRsr.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
    Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft
    O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
    O4 - Global Startup: PUSH650C.lnk = C:\WINDOWS\twain_32\PUSH650C.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program
    O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone
    O8 - Extra context menu item: E&xport to Microsoft Excel -
    O9 - Extra button: Create Mobile Favorite (HKLM)
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX
    Control) -
    O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl
    Class) -
    O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446}
    (IntraLaunch.MainControl) - file://D:\Resources\IntraLaunch.CAB
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry
    Information Class) -
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) -
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
    O17 -
    NameServer =
    Caaagh, Oct 19, 2003
    1. Advertisements

  2. Caaagh

    °Mike° Guest

    "Action Canceled" in what would normally be an advert
    spot, is a sign that you have the domain in your restricted
    sites zone, or in your hosts file. Before I go through your
    HijackThis log, do you have a hosts file (no extension)?

    °Mike°, Oct 19, 2003
    1. Advertisements

  3. Caaagh

    Caaagh Guest

    You've foxed me there! I did a search and found two

    C:\I386 - 734 bytes (734 bytes)
    Created 08 April 2003, 11:12:24, modified 18 August 2001, 13:00:00, accessed
    19 October 2003, 19:03:00

    C:\WINDOWS\system32\drivers\etc - 26.0 KB (26,628 bytes) -
    Created 26 February 2003, 10:41:07, modified 25 July 2003, 15:24:56 accessed
    19 October 2003, 19:03:41

    I've also got one with with the extension .svr.
    Hope this helps!
    This happens on lots of web sites, not just one or two.
    Thanks a lot

    Caaagh, Oct 19, 2003
  4. Caaagh

    °Mike° Guest

    What is the contents of the hosts file in
    C:\WINDOWS\system32\drivers\etc ?

    It's 26KB, so there must be quite a few entries
    in it, and this may be what's blocking the ads.

    °Mike°, Oct 19, 2003
  5. Caaagh

    Caaagh Guest

    Absolutely loads of stuff - I opened it in Wordpad.
    The first few entries are :
    # localhost: Needs to stay like this to work localhost

    # KaZaA related:

    This does make sense as I think the blocking started after I got into Kazaa
    Lite! Can I just delete the whole file???

    Really appreciate your help!

    Caaagh, Oct 19, 2003
  6. Caaagh

    °Mike° Guest

    Yes, that's what is blocking the adverts. What it is doing
    is reading the hosts file before using DNS, and the addresses
    that are set to are pointed to your machine,
    which is what is. Take a look here:

    If you REALLY want to remove this ad/cookie blocking, you
    should rename the hosts file, rather than delete everything.
    The hosts file is not actually necessary, so it's ok to rename
    it to, say, hosts.bak , or whatever you choose.

    °Mike°, Oct 19, 2003
  7. Caaagh

    Caaagh Guest

    It worked!!!
    Thank you so much Mike!!!!!
    Caaagh, Oct 19, 2003
  8. Caaagh

    °Mike° Guest

    You're welcome.

    °Mike°, Oct 19, 2003
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.