HijackThis Log

Jewelzz

New PC, haven't done anything to it yet, AV and firewall have been active since I got the damn thing ... Porn has taken over :mad: , I'm using FF and a new tab keeps opening with a porn site. Can you all tell me what I need to get rid of? AV runs clean, finds no virus, SpyBot runs clean also. HELP ME PLEASE!!
 

Attachments

  • hijackthis_Jewelzz.txt
    6.8 KB · Views: 136
YazzleActiveX Control - Uninstall the ActiveX control through Internet Options

This also stands out... C:\PROGRAM FILES\OEIL\NCMA.EXE

Is "mHotkey.exe" one of your PC applications for your keyboard?
 
madmatt said:
YazzleActiveX Control - Uninstall the ActiveX control through Internet Options

This also stands out... C:\PROGRAM FILES\OEIL\NCMA.EXE

Is "mHotkey.exe" one of your PC applications for your keyboard?
You're talking to an idiot, please explain :s

[edit] As for mHotkey.exe, dunno. I have a MS keyboard *shrug* [/edit]
 
If you check the box next to the entry within Hijackthis and then select remove, it will remove the item as well.

Matt's suggestion may be more efficient, but that is easier :p
 
mhotkey is a device driver for a keyboard.

Have HJT fix this
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control)
 
Please remember in your suggestions.....................Jewelzz is an IDIOT! :p
 
Jewelzz said:

Don't cry Jewelzz, just look at the name of the person calling you an idiot

Makes me think of a kettle calling the pot black...:laugh:
 
Hipster Doofus said:
Please remember in your suggestions.....................Jewelzz is an IDIOT! :p
Not cool, and not even close to being relevant.

Why post that at all?
 
Ok Jewelzz, do the following:

Have HJT fix:

R3 - Default URLSearchHook is missing
O4 - HKCU\..\Run: [Ealb] "C:\Program Files\oeil\ncma.exe" -vt yax
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O20 - Winlogon Notify: winueb32 - C:\WINDOWS\SYSTEM32\winueb32.dll

Reboot into safemode and delete the following:

1) Entire contents of C:\Windows\Temp
2) Entire contents of C:\Docs and Settings\<username>\Local Settings\Temp
3) The folder C:\Program Files\oeil\

Reboot into normal mode again, download and install ewido security suite and follow the directions:

1. Download Ewido security suite from http://download.ewido.net/ewido-setup.exe
2. After the download is complete, double click on the file to launch the install process.
3. During installation under the Additional Options menu, you will be asked if you want to "Install background guard (required for automatic updates)" and "Install scan via context menu". Please UNCHECK both of these options.
4. Once installation is complete, launch Ewido by double-clicking the big "E" icon on your desktop. The program will prompt you to update -- click the 'OK' button.
5. The program will now go to the main screen. On the left hand side of the main screen, click on Update and then click 'Start Update'. The update will start and a progress bar will show the updates being installed. After the updates are installed, you will see 'Update Successful' in the lower left corner.
6. Click on 'Scanner' (the 3rd bar from the top on the left) and Choose 'Settings'
7. Please make sure 'Scan Every File' is selected. Finally, please click 'OK'
8. On the main screen, please select 'Complete System Scan' and the scan should begin.
9. While the scan is in progress, you will be prompted to clean the first infected file it finds. Choose clean, then put a check next to 'Perform action on all infections' in the box. Doing this enables the scan to proceed automatically until its completion. Click OK
10. When the scan is complete, click "Save Report". Your scan results will be saved in a textfile. Please submit that with your next post.

Please also post a new HJT log along with the ewido report.
 
Thanks for the help guys! j79zlr, I'll get to your stuff later, have a few things to get done today.
 
OK, here's the other log j79zlr asked for.
 

Attachments

  • Scan report_20060308.txt.txt
    10.9 KB · Views: 131
Looks like there was a bunch of stuff it cleaned during that last scan:

Code:
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\CVQWOOA8\srvlbin5[2].exe -> Trojan.Dialer.oy : Cleaned with backup
 C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\NJBDKCX7\rdgUS2404[1].exe -> Downloader.Small.ayl : Cleaned with backup
 C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\NJBDKCX7\rdgUS2405[1].exe -> Downloader.Small.ayl : Cleaned with backup
 C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\NJBDKCX7\srvlbin5[1].exe -> Trojan.Dialer.oy : Cleaned with backup
 C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\NJBDKCX7\srvlbin5[2].exe -> Trojan.Dialer.oy : Cleaned with backup
 C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\NJBDKCX7\srvlbin5[3].exe -> Trojan.Dialer.oy : Cleaned with backup
 C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\QLI3KRPU\mvlsbin2[1].exe -> Trojan.Dialer.oy : Cleaned with backup
 C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\UNLFSJAN\srvlbin4[1].exe -> Trojan.Dialer.oy : Cleaned with backup
 C:\Program Files\oeil\ncma.exe -> Downloader.PurityScan.bu : Cleaned with backup
 C:\WINDOWS\system32\oins.exe -> Dropper.PurityScan.ad : Cleaned with backup
 C:\WINDOWS\Temp\win22.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
 C:\WINDOWS\Temp\win3B3.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
 C:\WINDOWS\Temp\win3B9.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
 C:\WINDOWS\Temp\win3BE.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
 C:\WINDOWS\Temp\win3C2.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
 C:\WINDOWS\Temp\win3D0.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
 C:\WINDOWS\Temp\win47.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
 C:\WINDOWS\Temp\win67B.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
 C:\WINDOWS\Temp\win6A.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
 C:\WINDOWS\Temp\win7BB.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
 C:\WINDOWS\Temp\win7C0.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
 C:\WINDOWS\Temp\win7C4.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
 C:\WINDOWS\YAXUninst.exe -> Adware.MediaTickets : Cleaned with backup
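
Added example, not part of the original thread: a Python sketch that parses HijackThis entries like the ones j79zlr asked to have fixed, parses ewido report lines like those above, and shows which HijackThis entries point at a file the scanner also flagged. The sample lines are a subset copied from this thread; the function names are hypothetical.

```python
import re

# Sample input: a subset of lines copied from the posts in this thread.
HJT_LINES = r"""
R3 - Default URLSearchHook is missing
O4 - HKCU\..\Run: [Ealb] "C:\Program Files\oeil\ncma.exe" -vt yax
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O20 - Winlogon Notify: winueb32 - C:\WINDOWS\SYSTEM32\winueb32.dll
""".strip().splitlines()

EWIDO_LINES = r"""
C:\Program Files\oeil\ncma.exe -> Downloader.PurityScan.bu : Cleaned with backup
C:\WINDOWS\system32\oins.exe -> Dropper.PurityScan.ad : Cleaned with backup
C:\WINDOWS\Temp\win22.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\YAXUninst.exe -> Adware.MediaTickets : Cleaned with backup
""".strip().splitlines()

HJT_RE = re.compile(r"^([A-Z]\d+) - (.*)$")            # section code, payload
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"<>|*?]+?\.(?:exe|dll)", re.I)
EWIDO_RE = re.compile(r"^\s*(.+?) -> (\S+) : (.+)$")   # path, detection, action

def parse_hjt(lines):
    """Return (section, payload, [lowercased file paths]) per HijackThis entry."""
    out = []
    for line in lines:
        m = HJT_RE.match(line.strip())
        if m:
            paths = [p.lower() for p in PATH_RE.findall(m.group(2))]
            out.append((m.group(1), m.group(2), paths))
    return out

def parse_ewido(lines):
    """Return {lowercased path: detection name} from ewido report lines."""
    found = {}
    for line in lines:
        m = EWIDO_RE.match(line)
        if m:
            found[m.group(1).lower()] = m.group(2)
    return found

def correlate(hjt, detections):
    """Split HJT entries into scanner-confirmed and not-seen-by-scanner."""
    confirmed, unverified = [], []
    for section, _payload, paths in hjt:
        hits = [(p, detections[p]) for p in paths if p in detections]
        (confirmed if hits else unverified).append((section, hits or paths))
    return confirmed, unverified
```

Entries that land in the second list were not matched by any scanner line in the sample, so the follow-up HijackThis log is the place to confirm they are gone.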
 
That is really crappy though. Free trojan with a computer.

Actually it reminds me of when we got a laptop 3-4 years ago from IBM. Came loaded with a boot sector virus.

If you haven't done anything with it yet, why not just take it back to them and get another one?
 
That looks like it should have cleaned everything, please post a new HijackThis log as well.

Case in point as to why not to use Internet Explorer.
 
j79zlr said:
That looks like it should have cleaned everything, please post a new HijackThis log as well.

Case in point as to why not to use Internet Explorer.

Not guaranteed that she used IE. Might have been planted by the people who built the computer, depending on where it came from.

Glad to hear it's looking better Jewelzz. I agree with Omar, you should contact the bums who sold you that computer and tear them a new one.
 
New HijackThis log ...

I'll definitely be contacting the place where I purchased it and bitch them out. Thanks for all the help guys :)
 

Attachments

  • hijackthis_030806.txt
    5.7 KB · Views: 94
