TechSpot

Hijack This log for my Sister's Computer

By Fukurou
May 1, 2006
  1. My sister's computer has been acting weird recently. I've followed all the steps Howard normally tells me to, and this is the log left from that point. Please just check it over and tell me if all is well! Thanks much!
     

  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

    Turn off system restore (XP/ME only). See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

    Go to add/remove programmes and uninstall anything to do with the following (if there).

    DAP
    AWS\WeatherBug

    Close control panel.

    Click start/run and type services.msc into the run box and press the enter key.

    When the window appears, maximise it. Locate the following services (if there) and double click on them, select stop if they are running and set the startup type to disabled. Click apply/ok for each service you disable.

    ISEXEng
    npkcsvc

    Close the services window.

    Open your task manager and click on the processes tab. End process for the following (if there).

    DAP.EXE
    Weather.exe
    soproc.exe
    angelex.exe
    npkcsvc.exe
    UpdReg.EXE

    Close task manager.

    Click start/run and type regsvr32 /u "C:\Program Files\DAP\dapbho.dll" into the run box and press the enter key.

    Run HJT with no other programmes open and have HJT fix the following (if there).

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.dyndns.org/

    F3 - REG:win.ini: run=

    O1 - Hosts: 69.108.65.252 L2authd.lineage2.com

    O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\dapbho.dll

    O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - (no file)

    O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - (no file)

    O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - (no file)

    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1501.0\en-us\msntb.dll (file missing)

    O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP

    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE

    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

    O4 - HKCU\..\Run: [SOProc_DAP] rundll32 shell32.dll,ShellExec_RunDLL C:\PROGRA~1\SOFTWA~1\soproc.exe -pack DAP

    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm

    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm

    O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE

    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)

    Fix ALL O16 - DPF entries.

    O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\system32\angelex.exe (file missing)

    O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files (if there).

    C:\WINDOWS\system32\npkcsvc.exe
    C:\WINDOWS\system32\angelex.exe
    C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
    C:\PROGRA~1\DAP\DAP.EXE
    C:\Program Files\DAP\dapextie2.htm
    C:\Program Files\DAP\dapextie.htm
    C:\PROGRA~1\SOFTWA~1\soproc.exe -pack DAP
    C:\Program Files\AWS\WeatherBug\Weather.exe 1
    C:\Program Files\DAP\DAP.EXE" /STARTUP

    Reboot into normal mode and turn system restore back on.

    Regards Howard :)
     
  3. Fukurou

    Fukurou TS Rookie Topic Starter Posts: 51

    Fresh Log

    All done, and here is a fresh log if you need it. Also, my sister was wondering if it was OK if she got DAP and WeatherBug back. We removed them like you said in case it was just that they were infected. Thanks!
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your sister's HJT log is now clean.

    If you want to use a download manager, then I suggest using the Stardownloader from HERE. Much better than DAP and no ads etc.

    Stay away from WeatherBug. It places adware on your computer. If you really need a programme that contains no adware etc., then maybe get the Weatherpulse programme from HERE.

    Regards Howard :)
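
A small triage parser for the HijackThis entry lines quoted in howard_hopkinso's first reply, added here as an example; it is not part of the original thread or of HijackThis itself. The function names and section labels are this example's own, and the sample lines are copied from that reply except for one constructed non-entry line.

```python
import re

# An entry is "<section code> - <body>", e.g. "O2 - BHO: ..." or "O23 - Service: ...".
ENTRY_RE = re.compile(r"^\s*(?P<section>[RFO]\d{1,2})\s+-\s+(?P<body>.+?)\s*$")
ORPHAN_RE = re.compile(r"\((no file|file missing)\)$")  # registration left behind
RUN_RE = re.compile(r"^(?P<hive>HK[A-Z]+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
HOSTS_RE = re.compile(r"^Hosts: (?P<ip>\S+) (?P<host>\S+)$")

LABELS = {"R0": "IE start page", "F3": "ini-file autostart", "O1": "hosts redirect",
          "O2": "Browser Helper Object", "O3": "IE toolbar", "O4": "Run-key autostart",
          "O23": "Windows service"}

def parse_entry(line):
    """Return a dict describing one log line, or None if it is not an entry."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    body = m["body"]
    entry = {"section": m["section"], "label": LABELS.get(m["section"], "other"),
             "body": body, "orphaned": bool(ORPHAN_RE.search(body))}
    run, hosts = RUN_RE.match(body), HOSTS_RE.match(body)
    if run:
        entry.update(hive=run["hive"], name=run["name"], command=run["cmd"])
    if hosts:
        entry.update(ip=hosts["ip"], host=hosts["host"])
    return entry

def triage(log_text):
    """Group entries: orphaned registrations, Run-key autostarts, hosts redirects."""
    entries = [e for e in map(parse_entry, log_text.splitlines()) if e]
    return {"orphaned": [e for e in entries if e["orphaned"]],
            "autostart": [e for e in entries if "command" in e],
            "hosts": [e for e in entries if "host" in e]}

# Entry lines copied from the reply; the first line is a constructed non-entry line.
SAMPLE = r"""
Running processes: (constructed non-entry line)
O1 - Hosts: 69.108.65.252 L2authd.lineage2.com
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - (no file)
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1501.0\en-us\msntb.dll (file missing)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\system32\angelex.exe (file missing)
"""

if __name__ == "__main__":
    for group, items in triage(SAMPLE).items():
        print(group, [(e["section"], e["label"]) for e in items])
```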
     
Topic Status:
Not open for further replies.
