• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
noratx

Hijacker? dp.information.com

7 posts in this topic

I don't know if this is a hijacker, but it sure is annoying.

 

Wen i typing a URL that dosn't exist, i'll be redirected to dp.information.com.

 

I've been trying detect it with pestpartol, adaware and Hijackthis, but the programs doesn't detect this.

 

How do i get rid of this?

Share this post


Link to post
Share on other sites

Hi,

Download "Hijack This!"

http://www.spywareinfo.com/~merijn/files/hijackthis.zip

 

Create a folder via Windows Explorer for HijackThis, unzip, then move the file (HijackThis.exe) to that folder. This way any backups created are saved in a legit folder.

 

Double-click "HijackThis.exe" and Press "Scan".

 

When the scan is finished, the "Scan" button will change into a "Save Log" button.

Click: "Save Log" (generates: "hijackthis.log")

 

Copy and Paste the entire log into your next post.

 

Note: do not attempt to "Fix" anything, as we need to see the entire log.

Also if you have any Startup items unchecked in Msconfig, uncheck those items, reboot, then post a fresh log. HijackThis can not "see" disabled items in Startup.

 

Hint: after posting your log click "Track this topic" at the top of the page, this way you will be notified (email) when a response is made to your post.

Share this post


Link to post
Share on other sites

Ok.

 

Her's my log.

 

Logfile of HijackThis v1.97.7

Scan saved at 14:32:53, on 2004-05-25

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashserv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\WebLog Expert\WLESched.exe

C:\WINDOWS\System32\dllhost.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\MSI\Live Update 2\LMonitor.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe

C:\Program Files\ekort\ekort.exe

C:\Program Files\D-Tools\daemon.exe

C:\Program Files\Canon\MultiPASS4\monitr32.exe

C:\Program Files\Canon\MultiPASS4\MPTBox.exe

C:\WINDOWS\LOGI_MWX.EXE

C:\Program Files\PestPatrol\PPMemCheck.exe

C:\PROGRA~1\ICQ\ICQ.exe

C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Program Files\MSN Messenger\MsnMsgr.Exe

H:\mircreal\mirc.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\TheBat\thebat.exe

C:\Documents and Settings\noratx\SendTo\NOTEPAD.EXE

C:\Program Files\GlobalSCAPE\CuteFTP Pro\cftppro.exe

C:\Program Files\GlobalSCAPE\CuteFTP Pro\TE\ftpte.exe

C:\Program Files\Microsoft Visual Studio\VB98\vb6.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Wise for Windows Installer\wfwi.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\radioseven miniplayer\Radioseven miniplayer.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\hijackthis\hijackthis.exe

 

R3 - URLSearchHook: (no name) - éVÕwˆú - (no file)

O2 - BHO: e-kort Browser Helper Object - {1C900459-DEEF-4aa9-B260-1EF0F0C70A8D} - C:\WINDOWS\System32\Bhoekort.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 2\LMonitor.exe

O4 - HKLM\..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe

O4 - HKLM\..\Run: [ekort] C:\Program Files\ekort\ekort.exe /dontopenmycards

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [monitr32] C:\Program Files\Canon\MultiPASS4\monitr32.exe

O4 - HKLM\..\Run: [MPTBox] C:\Program Files\Canon\MultiPASS4\MPTBox.exe

O4 - HKLM\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 8\LaunchList.exe

O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE

O4 - HKLM\..\Run: [TVTool] "C:\Program Files\TVTool 9.6\TVTool.exe"

O4 - HKLM\..\Run: [NovaBackup 7 Tray Control] "C:\Program Files\NovaStor\NovaBACKUP 7.1\NbkCtrl.exe"

O4 - HKLM\..\Run: [PPMemCheck] "C:\Program Files\PestPatrol\PPMemCheck.exe"

O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Global R&D\NetGuru] C:\PROGRA~1\NetGuru\NetGuru.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Trace (HKLM)

O9 - Extra 'Tools' menuitem: VisualRoute Trace (HKLM)

O9 - Extra button: e-kort (HKLM)

O9 - Extra button: ICQ Pro (HKLM)

O9 - Extra 'Tools' menuitem: ICQ (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {0990D180-4226-4530-9777-AB82315505B9} (Installer Class) - http://www.foreningssparbanken.se/betala/e...iscomsigned.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe

O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://carpoint.msn.com/Components/Ocx/SurVid/MSSurVid.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8012.3775347222

O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/SassCln.CAB

O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {F0B63C6D-4CDB-11D3-8CE6-CA9CFC28F360} (ZoomObj Class) - http://www.inzomia.com/files/inzomia.exe

 

 

Hope this helps you.. =)

Share this post


Link to post
Share on other sites

Hi,

1) Restart in Safe Mode (see "How To:" below)

2) Enable Hidden Files (see "How To:" below)

 

Locate and delete the following:

 

C:\Program Files\Power Scan <--this folder

 

While still in Safe Mode:

Close all open windows, rescan with HijackThis and "Fix checked" the following:

 

R3 - URLSearchHook: (no name) - éVÕwˆú - (no file)

O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe

 

Restart normally and then ...

 

Download the latest version of Ad-Aware:

http://www.lavasoft.de/software/adaware/

 

After installing AAW, and before running the program.

 

Reconfigure Ad-Aware for Full Scan:

Please update the reference file following the instructions here:

http://www.lavahelp.com/howto/updref/index.html

 

Launch the program, and click on the Gear at the top of the start screen.

 

Click the "Scanning" button.

Under Drives & Folders, select "Scan within Archives".

Click "Click here to select Drives + folders" and select your installed hard drives.

 

Under Memory & Registry, select all options.

Click the "Advanced" button.

Under "Log-file detail", select all options.

Click the "Tweaks" button.

 

Under "Scanning Engine", select the following:

"Include additional Ad-aware settings in logfile" and

"Unload recognized processes during scanning."

Under "Cleaning Engine", select the following:

"Let Windows remove files in use after reboot."

Click on 'Proceed' to save these Preferences.

Please make sure that you activate IN-DEPTH scanning before you proceed.

 

After the above post a fresh log ...

Share this post


Link to post
Share on other sites

That didn't helped.. =(

 

Here's the fresh log.

 

Logfile of HijackThis v1.97.7

Scan saved at 20:37:22, on 2004-05-25

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashserv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE

C:\Program Files\NovaStor\NovaBACKUP 7.1\NSENGINE.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\WebLog Expert\WLESched.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\MSI\Live Update 2\LMonitor.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe

C:\Program Files\ekort\ekort.exe

C:\Program Files\D-Tools\daemon.exe

C:\Program Files\Canon\MultiPASS4\monitr32.exe

C:\Program Files\Canon\MultiPASS4\MPTBox.exe

C:\WINDOWS\LOGI_MWX.EXE

C:\Program Files\NovaStor\NovaBACKUP 7.1\NbkCtrl.exe

C:\PROGRA~1\ICQ\ICQ.exe

C:\Program Files\PestPatrol\PPMemCheck.exe

C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe

H:\mircreal\mirc.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\hijackthis\hijackthis.exe

 

R3 - URLSearchHook: (no name) - éVÕwˆú - (no file)

O2 - BHO: e-kort Browser Helper Object - {1C900459-DEEF-4aa9-B260-1EF0F0C70A8D} - C:\WINDOWS\System32\Bhoekort.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 2\LMonitor.exe

O4 - HKLM\..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe

O4 - HKLM\..\Run: [ekort] C:\Program Files\ekort\ekort.exe /dontopenmycards

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [monitr32] C:\Program Files\Canon\MultiPASS4\monitr32.exe

O4 - HKLM\..\Run: [MPTBox] C:\Program Files\Canon\MultiPASS4\MPTBox.exe

O4 - HKLM\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 8\LaunchList.exe

O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE

O4 - HKLM\..\Run: [TVTool] "C:\Program Files\TVTool 9.6\TVTool.exe"

O4 - HKLM\..\Run: [NovaBackup 7 Tray Control] "C:\Program Files\NovaStor\NovaBACKUP 7.1\NbkCtrl.exe"

O4 - HKLM\..\Run: [PPMemCheck] "C:\Program Files\PestPatrol\PPMemCheck.exe"

O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Global R&D\NetGuru] C:\PROGRA~1\NetGuru\NetGuru.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Trace (HKLM)

O9 - Extra 'Tools' menuitem: VisualRoute Trace (HKLM)

O9 - Extra button: e-kort (HKLM)

O9 - Extra button: ICQ Pro (HKLM)

O9 - Extra 'Tools' menuitem: ICQ (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {0990D180-4226-4530-9777-AB82315505B9} (Installer Class) - http://www.foreningssparbanken.se/betala/e...iscomsigned.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe

O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://carpoint.msn.com/Components/Ocx/SurVid/MSSurVid.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8012.3775347222

O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/SassCln.CAB

O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {F0B63C6D-4CDB-11D3-8CE6-CA9CFC28F360} (ZoomObj Class) - http://www.inzomia.com/files/inzomia.exe

 

As you can see, i didn't get rid of:

R3 - URLSearchHook: (no name) - éVÕwˆú - (no file)

 

But i did get rid of the:

O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe

 

though, the problem is still there...

Edited by noratx

Share this post


Link to post
Share on other sites

Hi,

Unless you know what these are, have HijackThis "fix" the following:

 

R3 - URLSearchHook: (no name) - éVÕwˆú - (no file)

O2 - BHO: e-kort Browser Helper Object - {1C900459-DEEF-4aa9-B260-1EF0F0C70A8D} - C:\WINDOWS\System32\Bhoekort.dll

O4 - HKLM\..\Run: [ekort] C:\Program Files\ekort\ekort.exe /dontopenmycards

O4 - HKLM\..\Run: [TVTool] "C:\Program Files\TVTool 9.6\TVTool.exe"

O9 - Extra button: e-kort (HKLM)

 

Next, Internet Options | Programs [tab]

Click "Reset Web Settings" [button], click Apply\Ok

 

Reboot and post a fresh log ...

Share this post


Link to post
Share on other sites

I know what they are, except for that "URLSearchHook".

That one dosn't go away when i try fix it in HJT.

But i'll try reset the websettings and see if that works...

 

Otherwise, i'll have to live with it... =(

 

Edit: Hmm.. wierd, this time it helped to reset the websettings.

I tried that before i came here, and it didn't worked then....

 

But thank you WinHelp2002 for your time and help. =)

 

/Rickard

Edited by noratx

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0