Hijack This log for my Sister's Computer

Status
Not open for further replies.

Technicalfault

My sister's computer has been acting weird recently. I've followed all the steps Howard normally tells me to, and this is the log left from that point. Please just check it over and tell me if all is well! Thanks much!
 

Attachments

  • New Text Document.txt
    12.2 KB · Views: 7
Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

Go to add/remove programmes and uninstall anything to do with the following (if there).

DAP
AWS\WeatherBug

Close control panel.

Click start/run and type services.msc into the run box and press the enter key.

When the window appears, maximise it. Locate the following services (if there) and double click on them, select stop if they are running and set the startup type to disabled. Click apply/ok for each service you disable.

ISEXEng
npkcsvc

Close the services window.

Open your task manager and click on the processes tab. End process for the following (if there).

DAP.EXE
Weather.exe
soproc.exe
angelex.exe
npkcsvc.exe
UpdReg.EXE

Close task manager.

Click start/run and type regsvr32 /u "C:\Program Files\DAP\dapbho.dll" into the run box and press the enter key.

Run HJT with no other programmes open and have HJT fix the following (if there).

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.dyndns.org/

F3 - REG:win.ini: run=

O1 - Hosts: 69.108.65.252 L2authd.lineage2.com

O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\dapbho.dll

O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - (no file)

O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - (no file)

O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - (no file)

O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1501.0\en-us\msntb.dll (file missing)

O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE

O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

O4 - HKCU\..\Run: [SOProc_DAP] rundll32 shell32.dll,ShellExec_RunDLL C:\PROGRA~1\SOFTWA~1\soproc.exe -pack DAP

O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm

O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)

Fix ALL O16 - DPF entries.

O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\system32\angelex.exe (file missing)

O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files (if there).

C:\WINDOWS\system32\npkcsvc.exe
C:\WINDOWS\system32\angelex.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\Program Files\DAP\dapextie2.htm
C:\Program Files\DAP\dapextie.htm
C:\PROGRA~1\SOFTWA~1\soproc.exe -pack DAP
C:\Program Files\AWS\WeatherBug\Weather.exe 1
C:\Program Files\DAP\DAP.EXE" /STARTUP

Reboot into normal mode and turn system restore back on.

Regards Howard :)
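The "locate and delete" list in the post above is built from HijackThis entries, and several of those entries carry command-line arguments or a "(file missing)" marker after the file path. The following is an added example, not part of the original posts and not HijackThis code, that splits such lines into path, arguments and missing flag; the function names, the extension list and the path regex are assumptions made for illustration.

```python
import re

# Constructed sample: entries copied from the fix list in the post above.
SAMPLE = r'''
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - (no file)
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [SOProc_DAP] rundll32 shell32.dll,ShellExec_RunDLL C:\PROGRA~1\SOFTWA~1\soproc.exe -pack DAP
O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\system32\angelex.exe (file missing)
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
'''

ENTRY = re.compile(r'^([A-Z]\d+) - (.*)$')
# Heuristic (assumption): a drive-letter path ending in one of these extensions.
PATH = re.compile(r'[A-Za-z]:\\[^"<>|*?\r\n]*?\.(?:exe|dll|htm)\b', re.I)
MISSING = re.compile(r'\((?:no file|file missing)\)')

def parse_entry(line):
    """Split one HijackThis line into section, file path, arguments, missing flag."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    section, rest = m.groups()
    p = PATH.search(rest)
    # Whatever follows the path is arguments, minus the missing-file marker.
    tail = MISSING.sub('', rest[p.end():]).strip(' "') if p else ''
    return {"section": section,
            "path": p.group(0) if p else None,
            "args": tail,
            "missing": bool(MISSING.search(rest))}

def on_disk_candidates(log):
    """Paths the log references whose file HijackThis did not report as missing."""
    out = []
    for line in log.splitlines():
        e = parse_entry(line)
        if e and e["path"] and not e["missing"] and e["path"] not in out:
            out.append(e["path"])
    return out

if __name__ == "__main__":
    for line in SAMPLE.splitlines():
        e = parse_entry(line)
        if e:
            print(e["section"], e["path"], repr(e["args"]),
                  "missing" if e["missing"] else "")
```

Entries flagged as missing are orphaned registry references: fixing them in HJT is enough, since there is no file left on disk to look for.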
 
Fresh Log

All done, and here is a fresh log if you need it. Also, my sister was wondering if it was OK if she got DAP and WeatherBug back. We removed them like you said in case it was just that they were infected. Thanks!
 
Your sister's HJT log is now clean.

If you want to use a download manager, then I suggest using the Stardownloader from HERE. Much better than DAP and no ads etc.

Stay away from Weatherbug. It places adware on your computer. If you really need a programme that contains no adware etc, then maybe get the Weatherpulse programme from HERE.

Regards Howard :)
 