TechSpot

Hijack this log!

By maki_pg
Mar 22, 2007
  1. Hi!
    I would be gratefull if you can help me with this Hijack log (it is in attachment), to suggest me if there is something to remove.

    Thanx in advance!
     
  2. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    Hello and welcome to TechSpot.

    It seems like there is just a bunch of adware, maybe a little spyware, infections, in which case you might as well not reformat.

    Anyway, have HJT fix these entries (if there):

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.cg.ac.yu:8080<--fix this only if you didn't set this proxy yourself or if you don't know what it is

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 89.188.32.*;<local><--fix this only if you didn't set this proxy yourself or if you don't know what it is

    O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll

    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm

    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm

    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm

    O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE

    Now go into Add/Remove programs in Control Panel and delete anything relating to DAP or the DAP toolbar.

    Now boot into safe mode, under your normal user name (not the administrator account). See how HERE.

    Go into C:\Program Files and delete the entire DAP folder (if there).

    Now reboot into normal mode.

    Finally, please read the Viruses/spyware/malware, preliminary removal instructions. Follow all the instructions exactly, then post fresh HJT, Combofix, and AVG Antispyware logs as attachments into this thread. Also post here the results of the AVG Antirootkit scan.

    Regards :)

    This thread is for the use of maki_pg only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in the Security and the Web forum.
     
  3. maki_pg

    maki_pg TS Rookie Topic Starter

    Re:

    Hi Kitty,

    Thank you very much for your reply and welcome note!
    I followed all instructions in your reply, it took some time to finish all that, and here are all results/reports in attachments.

    Notes:
    - I couldn't perform complete scan with online scanner from your instructions
    - Tool4 :Look2Me-Destroyer - also couldn't be performed
    - AVG anti-rootkit report had no files


    Waiting for your answer and additional instructions/suggestions!


    All the best,
    Maki
     
  4. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    Your HJT log is clean with the exception of a few things I wasn't sure about.

    Do you know anything about the following entries? It seems they might belong to a university Internet connection or something; if they don't belong to your ISP or your university, you should delete them:

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.cg.ac.yu:8080

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 89.188.32.*;<local>

    O17 - HKLM\System\CCS\Services\Tcpip\..\{0B229583-C1D7-41C3-9352-22A9D50CE044}: NameServer = 89.188.32.60,89.188.32.20

    O17 - HKLM\System\CS1\Services\Tcpip\..\{0B229583-C1D7-41C3-9352-22A9D50CE044}: NameServer = 89.188.32.60,89.188.32.20

    Other than that, all your logs are clean. :)

    If you have any more virus/spyware problems, please post in this thread.

    Regards :)

    This thread is for the use of maki_pg only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in the Security and the Web forum.
     
  5. wolfram

    wolfram TechSpot Paladin Posts: 1,967   +9

    Nice work Kitty. Howard needs help :)
     
  6. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    Thanks.

    It seems there are a lot more Security and the Web threads right now, and there's definitely some nasty malware around too. Sometimes, when I'm reading a log, I'm not sure whether to laugh or just cry. :(

    This one wasn't heavily infected though. :)

    Regards :)
     
  7. wolfram

    wolfram TechSpot Paladin Posts: 1,967   +9

    Yeah, I understand that horrible feeling :(
     
  8. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    Like trying to clean my brother's laptop...anyway, we better let maki_pg have his thread back...:)
     
  9. maki_pg

    maki_pg TS Rookie Topic Starter


    Hi! Thanx once again :)
    Yes, that is a University Internet connection.
    I just wanted to ask if it is enough/too much to be protecetd with Kaspersky, Zone Alarm and AVG Antispyware? Can all this low pc performance? Should I check Resident shield in AVG AS check as active?

    @kitty500cat - Like trying to clean my brother's laptop...anyway, we better let maki_pg have his thread back...

    Juest easy, I'm not so possesive :D


    Regards from Montenegro!
     
  10. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    No, that's fine to be protected with all of them, unless Kaspersky has an integrated firewall; then you probably wouldn't have to use ZoneAlarm.

    I think you don't need to have the resident shield enabled in AVG AS.

    It is recommended to run Spybot - Search & Destroy and Ad-aware SE Personal as well. You don't need to have any of their active shields enabled, but it's good to have them to scan with whenever you need them.

    Regards :)

    This thread is for the use of maki_pg only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  11. maki_pg

    maki_pg TS Rookie Topic Starter

    Re:

    Thanx :)

    I have one more HJT log, from my home pc. Can you look at, is there anything to fix?

    Regards,
    Maki
     
  12. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    That HijackThis log is clean. :)

    If you have any more virus/spyware problems, please post in this thread.

    Regards :)
     
  13. maki_pg

    maki_pg TS Rookie Topic Starter

    Thanx once again! :wave:

    All the best,
    Maki
     
  14. maki_pg

    maki_pg TS Rookie Topic Starter

    New HJT log

    Hi!
    I have a new log (from another home pc), can you check it please?


    Thanks!

    Regards,
    Maki!
     
  15. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Your HJT log is clean mate.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :wave: :wave:

    BTW: Well done kitty500cat ;)

    This thread is for the use of maki_pg only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  16. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    Thanks, Howard. :)

    Isn't DAP adware though?
     
  17. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Dap used to be add supported, but as far as I`m aware, that`s no longer the case. However, I stand to be corrected on that, if anyone knows better.

    Regards Howard :)
     
  18. wolfram

    wolfram TechSpot Paladin Posts: 1,967   +9

    I think the free version is still ad supported :(
     
  19. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Thanks wolfram. It appears you`re quite right. the free version is still add supported.

    In that case maki_pg should get rid of it and use another download manager such as the Stardownloader.

    Regards Howard :)
     
  20. maki_pg

    maki_pg TS Rookie Topic Starter

    Hi! Thank you all!
    In some of earlier hjt logs I also removed DAP (I don't use it). So, should I remove with HiJack all referencing to DAP?
     
  21. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Go to add remove programmes in your control panel and uninstall anything to do with(if there).

    DAP

    Close control panel.

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm

    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm

    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories(if there).

    C:\Program Files\DAP

    Reboot your computer.

    Regards Howard :)

    This thread is for the use of maki_pg only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  22. maki_pg

    maki_pg TS Rookie Topic Starter

    Hi! I done all that you said. This is a new log.


    Regards,
    Maki
     
  23. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    That`s a clean HJT log.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

    This thread is for the use of maki_pg only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  24. maki_pg

    maki_pg TS Rookie Topic Starter

    Thanx once again!

    Best regards,
    Ivana
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...