| Author | Thread |
|
|
06/22/2005 12:50:45 AM · #1 |
Recently ads have been loading on the dpc main page (and elsewhere on the site) everytime the page is loaded. They seem to take the place of random dpc thumbmails, and it is really quite annoying. Is this happening because I'm only a registered user and not yet a member? Or this spyware on my computer? Does anyone have the slightest idea of what is going on?
Screenshot of my main screen
|
|
|
|
06/22/2005 12:52:22 AM · #2 |
Spyware/adware issue.
Download and run "SpyBot Search and Destroy" and "Adaware." |
|
|
|
06/22/2005 12:52:42 AM · #3 |
i think its something at your end - i'm a free user and i've never seen such on my screen.
|
|
|
|
06/22/2005 12:54:13 AM · #4 |
Members don't get banners and/or ads... not seeing a problem here. Try deleting your dpc cookies and internet cache...see if that helps.
|
|
|
|
06/22/2005 12:55:09 AM · #5 |
|
|
|
06/22/2005 01:01:47 AM · #6 |
I've already got them, but it's been a while since I've scanned. I just ran Spybot, but it didn't pick up anything other than a few tracking cookies....I'm running Adaware now, hopefully that picks it up.
|
|
|
|
06/22/2005 01:10:11 AM · #7 |
Originally posted by justin_hewlett:
I've already got them, but it's been a while since I've scanned. I just ran Spybot, but it didn't pick up anything other than a few tracking cookies....I'm running Adaware now, hopefully that picks it up. |
Adaware and Spybot both just released new version, so I would reccomend using Download.com to get Adaware 1.06 and Spybot 1.4 (unless your really sure that those are the versions you have currently) becasue they stop supporting and releasing updates for the program older versions (at least I know Spybot has).
Also, before you run a scan, delete all of your temporary internet files through Internet Options, and turn off System Restore (malicious files can hide in the backups.)
You might also want to update and run your Anti-Virus program, as something that is messing that much with the webpages you view could be more than just spy/addware.
|
|
|
|
06/22/2005 01:11:04 AM · #8 |
| If that doesn't pick it up, you're going to have to try something a bit more advanced. I had this same problem and finally fixed it with a program called "hijack this," which happens to be a little dangerous to use (if you aren't experienced enough with computers, you can accidentally get rid of crucial system files). If you have to move ahead with something like "hijack this," I can walk you through it if you need assistance. |
|
|
|
06/22/2005 01:20:21 AM · #9 |
Adaware also didn't pick up anything other than tracking cookies. I'm going to turn off system restore and delete my temporary internet files and try scanning again....
Also, if it helps, it only happens in IE. I loaded the page in firefox and no problems there.
Message edited by author 2005-06-22 01:20:55.
|
|
|
|
06/22/2005 01:42:28 AM · #10 |
Originally posted by justin_hewlett:
Adaware also didn't pick up anything other than tracking cookies. I'm going to turn off system restore and delete my temporary internet files and try scanning again....
Also, if it helps, it only happens in IE. I loaded the page in firefox and no problems there. |
Yep, it's an IE hijack. |
|
|
|
06/22/2005 02:12:20 AM · #11 |
I've updated everything and done everything recommended. Still nothing comes up...
Originally posted by thewriterside:
If that doesn't pick it up, you're going to have to try something a bit more advanced. I had this same problem and finally fixed it with a program called "hijack this," which happens to be a little dangerous to use (if you aren't experienced enough with computers, you can accidentally get rid of crucial system files). If you have to move ahead with something like "hijack this," I can walk you through it if you need assistance. |
I'm thinking this will be my only option now. If you could still provide a walkthrough that would be great. Just let me know if you can help, thanks.
|
|
|
|
06/22/2005 02:23:24 AM · #12 |
Okay, first, I forgot one thing to try before hijack this- CWShredder, which is another program that searches specifically for hijacks. It's almost easier to operate than adaware. //www.trendmicro.com/ftp/products/online-tools/cwshredder.exe
If that doesn't work, download hijack this- //files4.majorgeeks.com/files/fbc32e91518e668c5c8da775c9d4bf1d/spyware/hijackthis.zip
After you start the program-
1) click "Do a system scan and save a log file"
2) After the list fully compiles, a text document will popup with that list.
3) Email that file to me (the.writer.side@gmail.com) or copy and paste it into a post here. I'll go thru list and tell you what to select to delete when you run hijack this a second time. |
|
|
|
06/22/2005 02:26:47 AM · #13 |
Ok, here's the log...
Logfile of HijackThis v1.99.1
Scan saved at 12:25:23 AM, on 6/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\DELLMO~1\MOH.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\qsacc\x1exec.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\agentsvr.exe
C:\DOCUME~1\Justin\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = //my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = //my.netzero.net/s/search?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = //www.dpchallenge.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = //my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = //my.netzero.net/s/search?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = //www.dpchallenge.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = //my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = //my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = //my.netzero.net/s/sp?r=al&cf=sp&mem=mikehewlett&key=b3486ef1b261db9af24fcac663744e50&ts=4233c61d&A=420412540000029&B=1063954800000&C=1063954800000&D=1077696000000&I=7.NQ4&N=PLHS&O=A
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:7900
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.29.30;64.136.21.30;64.136.29.34;searchap.untd.com;127.0.0.1;localhost;*windowsupdate.microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\x1IEBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\PROGRA~1\DELLMO~1\MOH.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
O4 - HKCU\..\Run: [agentsvr] C:\WINDOWS\system32\agentsvr.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [untd_recovery] "C:\Program Files\NetZero\qsacc\x1exec.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Forget Me Not.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - //www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - //go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - //www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - //zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - //fdl.msn.com/zone/datafiles/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A3966A8C-3B29-499C-8B20-C574E509F9C6}: NameServer = 64.136.28.120 64.136.20.120
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
|
|
|
|
06/22/2005 02:45:21 AM · #14 |
Got a few questions before I tell you which ones to delete...
1) Do you or any other users of the computer use a program called "Modem On Hold?"
2) Do you use Net Zero? |
|
|
|
06/22/2005 02:50:32 AM · #15 |
Originally posted by thewriterside:
Got a few questions before I tell you which ones to delete...
1) Do you or any other users of the computer use a program called "Modem On Hold?"
2) Do you use Net Zero? |
Yes to both, we use Netzero for internet access, and Modem on Hold for answering the phone while on the internet.
Message edited by author 2005-06-22 03:01:15.
|
|
Home -
Challenges -
Community -
League -
Photos -
Cameras -
Lenses -
Learn -
Help -
Terms of Use -
Privacy -
Top ^
DPChallenge, and website content and design, Copyright © 2001-2026 Challenging Technologies, LLC.
All digital photo copyrights belong to the photographers and may not be used without permission.
Current Server Time: 01/07/2026 03:52:05 AM EST.
