PDA

View Full Version : http://ad.yieldmanager.com/imp%3Fz


cxgcxg
2007-12-02, 17:43
Hello - When I use facebook my page frequently does a reload a split second after clicking a link to a new page (within facebook). It sends me to a google/dell search screen with the message that it cannot find page "http://ad.yieldmanager.com/imp%3Fz". At the moment my wife and I can't think of any other site where we have the same problem.

Spybot came up clean in safe mode (I fairly regularly use Spybot and AdAware) and I run (free) AVG. Below are my HTL and Kaspersky logs. Kaspersky found one virus that AVG didn't pick up.

Hijack This Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:54:59, on 01/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell AIO 810\dlcgmon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\dlcgcoms.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=0061110
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&ltmpl=ca_googlemail_tlsosm_t&ltmplcache=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=0061110
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://127.0.0.1:4664/first_usage&s=bDZwkyGtF6SivyScuY_nM7HNCsw
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlcgmon.exe] "C:\Program Files\Dell AIO 810\dlcgmon.exe"
O4 - HKLM\..\Run: C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: dlcg_device - - C:\WINDOWS\system32\dlcgcoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8781 bytes


[B][U]Kaspersky

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, December 01, 2007 7:33:59 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 1/12/2007
Kaspersky Anti-Virus database records: 469846
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 99683
Number of viruses found: 1
Number of infected objects: 8
Number of suspicious objects: 0
Duration of the scan process: 01:20:52

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Kontiki\error.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\Chris & Fern\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-182ef2ea-30566504.zip/BnnnnBaa.class Infected: Trojan.Java.ClassLoader.as skipped
C:\Documents and Settings\Chris & Fern\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-182ef2ea-30566504.zip/VaannnaaBaa.class Infected: Trojan.Java.ClassLoader.as skipped
C:\Documents and Settings\Chris & Fern\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-182ef2ea-30566504.zip/Bnnnnn.class Infected: Trojan.Java.ClassLoader.as skipped
C:\Documents and Settings\Chris & Fern\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-182ef2ea-30566504.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Chris & Fern\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-a53dff0-74098a63.zip/BnnnnBaa.class Infected: Trojan.Java.ClassLoader.as skipped
C:\Documents and Settings\Chris & Fern\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-a53dff0-74098a63.zip/VaannnaaBaa.class Infected: Trojan.Java.ClassLoader.as skipped
C:\Documents and Settings\Chris & Fern\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-a53dff0-74098a63.zip/Bnnnnn.class Infected: Trojan.Java.ClassLoader.as skipped
C:\Documents and Settings\Chris & Fern\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-a53dff0-74098a63.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Chris & Fern\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Chris & Fern\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Chris & Fern\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Chris & Fern\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Chris & Fern\Local Settings\History\History.IE5\MSHist012007120120071202\index.dat Object is locked skipped
C:\Documents and Settings\Chris & Fern\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Chris & Fern\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Chris & Fern\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Chris & Fern\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\Program Files\ntl\broadband medic\SmartBridge\AlertFilter.log Object is locked skipped
C:\Program Files\ntl\broadband medic\SmartBridge\log\httpclient.log Object is locked skipped
C:\Program Files\ntl\broadband medic\SmartBridge\SmartBridge.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP257\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\CHRIS-FERN.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{BA3B863C-FF21-4A62-95E9-0238C31E4BBF}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_1d0.dat Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_684.dat Object is locked skipped
C:\WINDOWS\Temp\ZLT00b46.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT00b49.TMP Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.
Shaba
2007-12-07, 10:21
Hi cxgcxg

Do you have some custom hosts file installed?
cxgcxg
2007-12-07, 12:06
Hi Shaba,

I'm not familiar with hosts files and therefore assume that the answer is no.

Thanks
Shaba
2007-12-07, 12:15
Hi

Ok, then do this and post back if that still occurs:

MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer

Also empty this folder:

C:\Documents and Settings\Chris & Fern\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar
cxgcxg
2007-12-08, 10:16
Hi Shaba,

Thanks for the advice. I have carried out the HOSTS steps and deleted that Java sub-folder as instructed.

Unfortunately the problem in Facebook persists, however, although I am redirected to the same Dell/Google 'search' page, the message has changed to "Sorry, we couldn't find http://ads.ak.facebook.com/ads/creative/msn/uk-120...." and then variations on this stem.

- Could this be be something that I need to manually adjust my new HOSTS file to block?
- The deleted Java sub-folder is in my recycle bin. Should I now delete it from there so it totally leaves my system?

Thanks once again,
Chris.
Shaba
2007-12-08, 10:23
Hi

You should not delete that folder but to delete all files/folders inside it.

So please restore that folder from Recycle Bin and delete
its contents only.

Have you tried going to that site using eg. Firefox?
cxgcxg
2007-12-08, 10:45
Hi Shaba,

I have restored the folder and deleted the contents. They now appear in the recycle bin - should I delete these completely or leave them there?

Facebook works ok in FireFox. Do you have any ideas as to what might be causing this redirect when I view in IE?

Thanks
Shaba
2007-12-08, 10:50
Hi

"They now appear in the recycle bin - should I delete these completely or leave them there?"

Yes.

"Do you have any ideas as to what might be causing this redirect when I view in IE? "

You can try to adjust security settings.
cxgcxg
2007-12-08, 21:01
Hi Shaba,

The problem with redirects is now not limited to Facebook, it seems to be most websites now and the page not found address is varied rather than just being the ad.yieldmanager that it was previously.

What do you suggest?
How do I adjust security settings as you advised previously?

I'm a relative novice with computers...

Thanks
Shaba
2007-12-09, 11:04
Hi

"
The problem with redirects is now not limited to Facebook, it seems to be most websites now and the page not found address is varied rather than just being the ad.yieldmanager that it was previously."

Can you give more examples? If those other sites are bad as well as ad.yieldmanager, it's normal

"How do I adjust security settings as you advised previously?"

Follow these:

Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt

Change the Download unsigned ActiveX controls to Disable

Change the Initialize and script ActiveX controls not marked as safe to Disable

Change the Installation of desktop items to Prompt

Change the Launching programs and files in an IFRAME to Prompt

Change the Navigate sub-frames across different domains to Prompt

When all these settings have been made, click on the OK button.

If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
cxgcxg
2007-12-09, 21:19
Hi Shaba,

The security settings were already set like that fortunately.

I copy below some examples now of the redirect messages. The first is for 'facebook' and remains the same as before installing that HOSTS file. The others are just the first examples that I came across from other websites - the problem is very widespread now and has spread from being just facebook.

To clarify, the URL of the redirected page for the facebook example is:

http://www.google.co.uk/hws/dell-usuk/afe?hl=en&channel=uk&s=http://ads.ak.facebook.com/ads/creative/msn/uk-120home.html

The actual error messages from the redirected sites are as follows:

Facebook

Sorry, we couldn't find http://ads.ak.facebook.com/ads/creative/msn/uk-120profile.html. Here are some related websites:

ebay

Sorry, we couldn't find http://ad.uk.doubleclick.net/adi/N884.Ebay_MCUK/B1639283.20%3Bsz. Here are some related websites:

yahoo

Sorry, we couldn't find http://media.adrevolver.com/adrevolver/trace%3Fsip. Here are some related websites:

AZ Lyrics Universe

Sorry, we couldn't find http://as.casalemedia.com/s%3Fs. Here are some related websites


Thanks for your continuing help with this Shaba
Shaba
2007-12-10, 10:16
Hi

Those are all bad sites so I wouldn't be very concerned if those sites (eg. facebook) otherwise work ok?

You can try IE7Pro (http://www.ie7pro.com/) and post back if that helped.
cxgcxg
2007-12-10, 13:35
Hi Shaba,

I will try the IE7pro.

I can barely use about 50% of the websites that I visit because within a split second of navigating there I am redirected to this Google/Dell search page. If I understand, this is a safety feature designed to protect me?

This was never an issue before I changed the HOSTS so I am now wondering if I should revert back. I really don't understand what I've done with the HOSTS but it can't be right to have a computer that can't visit half of the websites that it attempts to as they are legit websites?

Based upon your knowledge of HOSTS, would you advise reinstalling the old HOSTS file or attempting to customise the current version (if this is possible)? I don't understand how this step to protect my computer has caused so many issues.

Sorry, as i said before I'm a relative novice with computers!

Thanks Shaba
Shaba
2007-12-10, 13:38
Hi

"If I understand, this is a safety feature designed to protect me?"

Then not.

Yes you can try to revert that back, maybe this is the easiest way:

Download HostsXpert (http://www.funkytoad.com/download/HostsXpert.zip) and unzip it to your desktop.

Open HostsXpert that you earlier unzipped on your desktop

Click "Make Hosts Writable?" upper right corner (if available)
Click "Restore MS Hosts File" and then click OK
Close HostsXpert
Note; IF you used any custom Hosts (eg. MVPS Hosts), you will have put them back manually

However, I have never heard that installing custom HOSTS file would cause that.
Shaba
2007-12-17, 10:40
Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

If it had been 10 days or more since your last post, and especially if the helper assisting you posted a response to that post to which you did not reply, the topic will not be reopened.

In that situation, if you still require help, it would be best to start a new topic and include a fresh HijackThis log with a link to your original thread.

Everyone else please begin a New Topic.