HijackThis Log

Jewelzz

OSNN Godlike Veteran
#1
New PC, haven't done anything to it yet, AV and firewall have been active since I got the damn thing ... Porn has taken over :mad: , I'm using FF and a new tab keeps opening with a porn site. Can you all tell me what I need to get rid of? AV runs clean, finds no virus, SpyBot runs clean also. HELP ME PLEASE!!
 


madmatt

Bow Down to the King
Political User
#2
YazzleActiveX Control - Uninstall the ActiveX control through Internet Options

This also stands out... C:\PROGRAM FILES\OEIL\NCMA.EXE

Is "mHotkey.exe" one of your PC applications for your keyboard?
 

Jewelzz

OSNN Godlike Veteran
#3
madmatt said:
YazzleActiveX Control - Uninstall the ActiveX control through Internet Options

This also stands out... C:\PROGRAM FILES\OEIL\NCMA.EXE

Is "mHotkey.exe" one of your PC applications for your keyboard?
You're talking to an idiot, please explain :s

[edit] As for mHotkey.exe, dunno. I have a MS keyboard *shrug* [/edit]
 

kcnychief

█▄█ ▀█▄ █
Political User
#4
If you check the box next to the entry within Hijackthis and then select remove, it will remove the item as well.

Matt's suggestion may be more efficient, but that is easier :p
 

falconguard

Carbon based lifeform
Political User
#5
mhotkey is a device driver for a keyboard.

Have HJT fix this
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control)
 

j79zlr

Glaanies script monkey
Political User
#13
Ok Jewelzz, do the following:

Have HJT fix:

R3 - Default URLSearchHook is missing
O4 - HKCU\..\Run: [Ealb] "C:\Program Files\oeil\ncma.exe" -vt yax
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O20 - Winlogon Notify: winueb32 - C:\WINDOWS\SYSTEM32\winueb32.dll

Reboot into safe mode and delete the following:

1) Entire contents of C:\Windows\Temp
2) Entire contents of C:\Docs and Settings\<username>\Local Settings\Temp
3) The folder C:\Program Files\oeil\

Reboot into normal mode again, download and install ewido security suite and follow the directions:

1. Download Ewido security suite from http://download.ewido.net/ewido-setup.exe
2. After the download is complete, double click on the file to launch the install process.
3. During installation under the Additional Options menu, you will be asked if you want to "Install background guard (required for automatic updates)" and "Install scan via context menu". Please UNCHECK both of these options.
4. Once installation is complete, launch Ewido by double-clicking the big "E" icon on your desktop. The program will prompt you to update -- click the 'OK' button.
5. The program will now go to the main screen. On the left hand side of the main screen, click on Update and then click 'Start Update'. The update will start and a progress bar will show the updates being installed. After the updates are installed, you will see 'Update Successful' in the lower left corner.
6. Click on 'Scanner' (the 3rd bar from the top on the left) and Choose 'Settings'
7. Please make sure 'Scan Every File' is selected. Finally, please click 'OK'
8. On the main screen, please select 'Complete System Scan' and the scan should begin.
9. While the scan is in progress, you will be prompted to clean the first infected file it finds. Choose clean, then put a check next to 'Perform action on all infections' in the box. Doing this enables the scan to proceed automatically until its completion. Click OK
10. When the scan is complete, click "Save Report". Your scan results will be saved in a text file. Please submit that with your next post.

Please also post a new HJT log along with the ewido report.
 

kcnychief

█▄█ ▀█▄ █
Political User
#16
Looks like there was a bunch of stuff it cleaned during that last scan:

Code:
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\CVQWOOA8\srvlbin5[2].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\NJBDKCX7\rdgUS2404[1].exe -> Downloader.Small.ayl : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\NJBDKCX7\rdgUS2405[1].exe -> Downloader.Small.ayl : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\NJBDKCX7\srvlbin5[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\NJBDKCX7\srvlbin5[2].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\NJBDKCX7\srvlbin5[3].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\QLI3KRPU\mvlsbin2[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\UNLFSJAN\srvlbin4[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Program Files\oeil\ncma.exe -> Downloader.PurityScan.bu : Cleaned with backup
C:\WINDOWS\system32\oins.exe -> Dropper.PurityScan.ad : Cleaned with backup
C:\WINDOWS\Temp\win22.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\Temp\win3B3.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\Temp\win3B9.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\Temp\win3BE.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\Temp\win3C2.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\Temp\win3D0.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\Temp\win47.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\Temp\win67B.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\Temp\win6A.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\Temp\win7BB.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\Temp\win7C0.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\Temp\win7C4.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\YAXUninst.exe -> Adware.MediaTickets : Cleaned with backup
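
Added example, not part of the thread or any poster's code: a cross-check of the HijackThis entries listed for fixing in post #13 against the scanner report in post #16, showing which flagged files the report confirms as cleaned. The entries and report lines (a subset) are copied from the thread; the section descriptions and function names are this example's own.

```python
import re

# Entries listed for fixing in post #13 (copied from the thread).
HJT_LINES = r"""
R3 - Default URLSearchHook is missing
O4 - HKCU\..\Run: [Ealb] "C:\Program Files\oeil\ncma.exe" -vt yax
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O20 - Winlogon Notify: winueb32 - C:\WINDOWS\SYSTEM32\winueb32.dll
""".strip().splitlines()

# Subset of the scanner report in post #16 (copied from the thread).
REPORT_LINES = r"""
C:\Program Files\oeil\ncma.exe -> Downloader.PurityScan.bu : Cleaned with backup
C:\WINDOWS\system32\oins.exe -> Dropper.PurityScan.ad : Cleaned with backup
C:\WINDOWS\Temp\win22.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\YAXUninst.exe -> Adware.MediaTickets : Cleaned with backup
""".strip().splitlines()

# Meaning of the HijackThis section codes that appear above.
SECTIONS = {
    "R3": "URL search hook",
    "O4": "autostart entry (Run key or Startup folder)",
    "O16": "ActiveX control (Downloaded Program Files)",
    "O20": "AppInit_DLLs / Winlogon Notify",
}

PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?\r\n]+?\.(?:exe|dll)', re.I)
REPORT_RE = re.compile(r'^\s*(?P<path>.+?) -> (?P<name>\S+) : (?P<action>.+)$')

def parse_hjt(line):
    """Split one log entry into section code, meaning and on-disk path (if any)."""
    code, _, rest = line.partition(" - ")
    m = PATH_RE.search(rest)
    return {"code": code, "kind": SECTIONS.get(code, "unknown"),
            "path": m.group(0).lower() if m else None}

def parse_report(lines):
    """Map lower-cased path -> (detection name, action) for each report line."""
    hits = (REPORT_RE.match(l) for l in lines)
    return {m["path"].lower(): (m["name"], m["action"]) for m in hits if m}

def cross_check(hjt_lines, report_lines):
    """For every log entry naming a file, return its report result or None."""
    cleaned = parse_report(report_lines)
    entries = (parse_hjt(l) for l in hjt_lines)
    return {e["path"]: cleaned.get(e["path"]) for e in entries if e["path"]}

if __name__ == "__main__":
    for path, result in cross_check(HJT_LINES, REPORT_LINES).items():
        print(path, "->", result or "not in report: check the next HijackThis log")
```

The O20 Winlogon Notify file `winueb32.dll` has no matching line in the report, so the follow-up HijackThis log is what shows whether that entry is gone.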
 

Grandmaster

Electronica Addict
Political User
#17
That is really crappy though. Free trojan with a computer.

Actually it reminds me of when we got a laptop 3-4 years ago from IBM. Came loaded with a boot sector virus.

If you haven't done anything with it yet, why not just take it back to them and get another one?
 

j79zlr

Glaanies script monkey
Political User
#18
That looks like it should have cleaned everything, please post a new HijackThis log as well.

Case in point as to why not to use Internet Explorer.
 

kcnychief

█▄█ ▀█▄ █
Political User
#19
j79zlr said:
That looks like it should have cleaned everything, please post a new HijackThis log as well.

Case in point as to why not to use Internet Explorer.
Not guaranteed that she used IE. Might have been planted by the people who built the computer, depending on where it came from.

Glad to hear it's looking better Jewelzz. I agree with Omar, you should contact the bums who sold you that computer and tear them a new one.
 
