A bad URL http://ebay.doubleclick.net/adi

Hi,

I'm having problem when browsing e-bay in Internet Explorer. The problem only occurs while surfing e-bay and no other websites. Lets say I'l in any given category and click on a listing. It's really fast but on the bottom where it says opening ........, it will say "A bad URL http://ebay.doubleclick.net/adi...." Than, when hitting the back button it will say

"A bad URL http://ebay.doubleclick.net/adi/ebay.us.220/slot_cars;cat=220;cat=2616;cat=4779;cat=2619;tile-5;dcopt=ist;=list=all;sz."

This also only happens in IE, when I go to the same pages in AOL, this does not happen.

 

Lets start by doing a General Cleanup!

First, please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

After doing ALL of the above if you still have a problem:

• Download HijackThis 1.99.1

• Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

• Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file.

• Before running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

• Run HijackThis and save your log file.

• Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post).

• Need help with HJT? See this thread: NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

 

Ok, I followed all your instructions, I was not able to logon to any scan sites while in safe mode though. I don't know why, maybe something is set wrong.

 

What type connection do you have? Cable, DSL, Dialup?

 

Hi,
I'm using a cable modem with a router.

 

You previously stated you couldnt run the online scans in safe mode. Did you choose "Safe Mode with Networking"? If not, please do it again. If you still cannot run them in safe mode, reboot and run them in normal mode.


TrendMicro Online Scan
Bitdefender online scan
RavAntivirus online scan <-- select Auto Clean then click Scan My PC
TrojanScan online scan

 

OK, that works but when I get to the point to start the scan, the screen does not fit so I can click the start button. I tried changeing the screen size but it won't work. The log i posted has all the on line scans done in regular mode. If thats not good we have to figure out how to make that screen fit. After clicking on the "FULL SCAN" button, on the next page I lose the things on the bottom to slide over to where the start buttoncan be founf. Enter does not work either.

 

Did you complete all the scans I just mentioned in normal mode? Reasons its so important you run the scans is because you have the W32/Sdbot.worm.

Run them ALL again in normal mode if you have to, just make sure you run them. If you would rather do them in Safe Mode, choose enable VGA mode.

 

lol, OK I'll give it another go. I'll be back,

 

Good Luck!

Will be awaiting results!

 

I'm on the laptop now, the other one is in safe mode with networking. I'm getting lost, in safe mode with networking, than VGA mode?

 

lol

Just do the scans any way possible.

 

Is there a differance between VGA and normal other than screen size? lol, am I getting to ya yet? I'm starting to crack...

 

VGA Mode starts the computer in standard VGA mode by using the current video driver. This option helps you recover from distorted video displays caused by using incorrect settings for the display adapter or monitor.

Safe Mode loads the minimum set of device drivers and system services required to start Windows XP. User specific startup programs do not run.

Safe Mode with Networking includes the services and drivers needed for network connectivity. Safe mode with networking enables logging on to the network, logon scripts, security, and Group Policy settings. Nonessential services and startup programs not related to networking do not run.

 

OK, I'm running Trendmicro now in VGA mode, I'll run the rest again and touch base with ya in a little while. Thanks.

 

Good Luck!

 

Ok, I'm back, I am also scaaaaned out. lol. The only scan that seem to find anything was BidDefender, I saved the log it made too. All scans were in VGA mode. Thanks.

 

I put the HTML code into FrontPage for easier reading. It's here: http://www.mcd4x4.com/bitdefender_online_scanner.htm

 

Please print out these instructions so that you can operate with All Browser Windows CLOSED.

Please make sure System Restore is OFF and the Viewing of Hidden Files & Folders is Enabled as per the tutorial.



Now, look in Task Manager (Ctrl-Alt-Del) for the following running process and, if you see it, try to END it:

Explorer1.exe


Now scan with HijackThis and Check the Boxes for the following:

Make sure All Browser Windows are Closed when you Click FIX.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.co m/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.co m
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.co m

F2 - REG:system.ini: Shell=Explorer1.exe

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} -%windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

Again, make sure All Browser Windows are Closed when you Click FIX.

NOW:
Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled and navigate to and DELETE the following if they should remain:

C:\WINDOWS\Explorer1.exe

NEXT:
Run CCleaner and Spybot S&D and have Spybot fix what it finds.
Note: Dont forget to update Spybot S&D by selecting "Search For Updates"

Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
Temporary Files
Temporary Internet Files
Recycle Bin

And Click OK.


Reboot to Normal Windows , Scan with HijackThis and attach the new log.
Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.

Good Luck!

 

I just checked and the "A BAD URL" thing is still there.

 

Have you completed all the steps in my previous fix?

 

No, I'll do it now you snuck that inbeteen my last 3. I'll Be Back.. The Explorer1.exe is the file I made for my start button. We hang on to that one. BRB

 

The file C:\WINDOWS\Explorer1.exe refers to the W32/Sdbot.worm

 

I edited the explorer.exe file a while back and saved it as Explorer1.exe. Then changed the registry to read that one instead of replacing it. Heres the new log.

Teh "A BAD URL......." is still there too.

 

First, I would like to add that modifying a copyrighted Windows file isnt exactly legal and is most likely a violation of the EULA Agreement. Its also not recommended as its not safe. I recommend restoring the original file to prevent any future problems.

Now, on to your problem allow me a moment to check your latest log.

 

Are you familiar with UltraMon?

 

I edited it to say my name on the start button. I didn't think anything of it. I'll switch them if you think it's a problem.

 

Yes, thats a program that does some cool stuff for the 4 monitor desktop. mostly a bunch of short cuts, make thing easier to do.

 

Okay! I dont see any further problems with Malware.

There are many other ways to do this, easier also


FINAL STEP

Reset Web Settings & Default Security Settings:


To Reset Web Settings:
Right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK


To Default Security Settings:
Right click on your desktop Internet Explorer icon and select Properties. Then click the Security Tab and click Default Level for Internet, Local Intranet, Trusted Sites, and Restricted Sites.

After doing the above, reboot and see if problem remains!

 

Yes, I still get the "A BAD URL....." going in and out of e-bay listings. I checked it threw the AOL browser and it does not do it in there. I've also un and reinstalled IE last week and no change.

 

I use eBay as well and never experienced this, paste the entire URL here from a listing just so I can see exactly what your talking about.

 

If this is the case, couldnt we run DelDomains and go from there?

 

Heres a screen shot of the botton of the IE Browser page. Now right after this, it's as if it figures out the proper URL and redirects. But, by doing this it loses time.

http://www.mcd4x4.com/abadurl.htm

 

We'll give it a shot anyway!

Please download DelDomains and unzip it to your desktop. Do not run it yet.

Find the files from deldomains.zip on your Desktop and RightClick on the deldomains.inf file and select Install.

After doing this above, reboot and see if problem remains!

 

OK, I downloaded it to the desk top and installed. No window came up, just the hours glass briefly and that's it. Rebooted and it's still there.

 

Okay! Lets try the following.

Download the following programs if you currently do not have them installed.

SpyBot S&D

Ad-Aware SE

NOW:
Install both programs! Before doing any scans be sure you all have available updates!

Now run SpyBot S&D and have it fix everything it finds. After you finish scanning with SpyBot, run Ad-Aware SE.

Again be sure you have all available updates. Click Start and then check "Perform Full System Scan". Remove all found entries!

Make a note and post back what they find.

 

I checked both programs for updates, none. Both programs found nothing.

 

wow! those scans were fast.

For Ad-Aware SE are you running SE1R34 reference file?

 

Yes, it says: Definitions file SE1R34 23.03.2005 Loaded.

 

Okay!

Let's Go ahead and run Microsoft AS.

Download and install Microsoft® Windows AntiSpyware during the install make sure you get any updates BUT BEFORE YOU START THE SCAN: Print or save these instructions locally now because you will have to be disconnected with no browsers open in the following steps.

Please make sure ALL Browser Windows are Closed and also you should physically disconnect from the Internet by unplugging your cable. Do not reconnect or open a browser again until requested.

Now allow the Microsoft Antispyware program to run a full scan. After it completes, reboot again in normal boot mode and let me know how things stand now.

I need some sleep, will check back tomorrow.
Good Luck

 

Good morning, OK, downloaded the program and ran it off line. Same problem. I noticed the list of Restricted sites list is now empty. Isn't that a bad thing?

 

I see this in the Event Viewer in "Aplication" twice during the last reboot:

Windows saved user MCD4X4\Brian registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

And these two in "System":

The Matrox WDM capture/crossbar driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Timeout (30000 milliseconds) waiting for a transaction response from the MGABGEXE service.

 

Those issues will need to be posted in the appropriate forum. I apologize for not being able to help with these but Im way to busy in the Spyware Forum.

About the eBay problem, I would post it in the Software Forum, if no success I would contact eBay directly.

Good Luck!

 

Which forum would the Event Viewer problem go in? Thanks for all the help. I do see the change in the PC.

 

The Software Forum.

 

http://www.geekstogo.com/forum/Can_t_access_Hotmail_account-t12982.html

Lomax at GeeksToGo figured it out!!

Simply disable immunize in Spybot and Voila!! Problem solved.

Good luck!!

 

Yes I did read it, but I don't know how to get in that area in SpyBot to remove it.