Home > Hjt Logfile > HJT Logfile Please Help IMISERVER

HJT Logfile Please Help IMISERVER

Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : wbho.band.1 ImIServer IEPlugin Object Recognized! This should open up the temp directory that your machine uses. Then you will be asked to reboot your computer; please do so. I scanned my computer with Trend Micro Anti-Spyware, E-trust Pest Control and Trend Micro House Call all of which I had on my system. http://softsystechnologies.com/hjt-logfile/hjt-logfile-10-14-09.html

Location: : S-1-5-21-1614895754-746137067-1177238915-1000\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! Thanks in advance to anyone who can help me! Here's the log: Logfile of HijackThis v1.99.1 Scan saved at 8:19:42 PM, on 8/25/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe Several functions may not work.

Event Record #/Type24388 / Error Event Submitted/Written: 10/25/2007 02:24:03 PM / 10/25/2007 02:24:13 PM Event ID/Source: 7 / Disk Event Description: The device, \Device\Harddisk0\D, has a bad block. I also, had followed the previous instruction from MFDnNC before seeing your response so I've also included the HJT log at the end of this post. Event Record #/Type3934 / Error Event Submitted/Written: 10/25/2007 09:36:57 AM Event ID/Source: 1002 / Application Hang Event Description: Hanging application rundll32.exe, version 5.1.2600.0, hang module drprov.dll, version 5.1.2600.0, hang address 0x000010ac. Accessing and setup of a Wireless Gateway Find everything you need to know about setting up your wireless gateway.

Type : IECache Entry Data : antonio [email protected][2].txt Category : Data Miner Comment : Cookie:antonio [email protected]/ Value : Cookie:antonio [email protected]/ Tracking Cookie Object Recognized! Once extracted, open the folder and double click on the LSAfix.reg file and select Yes when prompted to merge it into the registry. Please help. Type : File Data : /winnt/downloaded program files/mm20.ocx Category : Malware Comment : Object : c:\ FileVersion : 1.00 ProductVersion : 1.00 ProductName : DemoCtla CompanyName : df InternalName : mm20

I then tried system restore but the only restore point available was for the day the unwanted program had installed (10/17/07). It is a folder containing a Registry Entries file, LSAfix.reg . Advanced Member 20,006 posts Location:O RLY? Attached Files: LSAfix.zip File size: 240 bytes Views: 2 JSntgRvr, Oct 26, 2007 #12 Beuford Thread Starter Joined: Oct 20, 2007 Messages: 13 JSntgRvr, Heres the logs you asked for... (only

Type : RegData Data : "http://websearch.drsnsrch.com/sidesearch.cgi?id=" Category : Data Miner Comment : Possible Browser Hijack attempt Rootkey : HKEY_USERS Object : S-1-5-21-1614895754-746137067-1177238915-1000\Software\Microsoft\Internet Explorer\Main Value : Search Bar Data : "http://websearch.drsnsrch.com/sidesearch.cgi?id=" Possible Once the desktop loads please post the text that will open (report.txt) You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, I am an XFINITY Forum Expert and I am here to help.We ask that you post publicly so people with similar questions may benefit.Was your question answered? Please download the Nailfix utility.

Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O8 - Extra context menu item: &Yahoo! Type : IECache Entry Data : antonio [email protected][2].txt Category : Data Miner Comment : Cookie:antonio [email protected]/ Value : Cookie:antonio [email protected]/ Tracking Cookie Object Recognized! Let me know if the problem is still there. It crashed as I was saving the report file.

Note: You must be logged onto an account with administrator privileges. http://softsystechnologies.com/hjt-logfile/hjt-logfile-rajy-c.html Does anything still show up in either of those scans? Volume Serial Number is 9CD7-C384 Directory of C:\WINDOWS\System32\oTt02e 10/19/2007 07:07 PM

. 10/19/2007 07:07 PM .. 0 File(s) 0 bytes Total Files Listed: 0 File(s) 0 bytes 2 Dir(s) I think we'll start with some tools and see if we can't take the repair list down a bit. 1.

For information on the program click here.We ask that you post publicly so people with similar questions may benefit from the conversation.Was your question answered? Type : IECache Entry Data : antonio [email protected][1].txt Category : Data Miner Comment : Cookie:antonio [email protected]/ Value : Cookie:antonio [email protected]/ Tracking Cookie Object Recognized! Location: : C:\Documents and Settings\Antonio Hernandez\Application Data\microsoft\office\recent Description : list of recently opened documents using microsoft office MRU List Object Recognized! navigate here I don't want to re-image the comp.. 08-21-2004, 01:02 PM #4 tonyhernandez Registered Member Join Date: Aug 2004 Posts: 9 OS: 2000 some one please help

For additional help in booting into Safe Mode, see the following site: http://www.pchell.com/support/safemode.shtml Once in Safe Mode, please double-click on Nailfix.cmd. Then please reboot once more and post a new log. __________________ Donations keep TSF moving forward. Next please run HijackThis, click Scan, and check: F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe Close all open windows except for HijackThis and click Fix Checked.

Hosts file was reset, If you use a custom hosts file please replace it... ~~~~~ End report ~~~~~ SMITFRAUD: SmitFraudFix v2.241 Scan done at 9:29:51.58, Thu 10/25/2007 Run from C:\Documents and

Location: : S-1-5-21-1614895754-746137067-1177238915-1000\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru Description : list of recent programs opened MRU List Object Recognized! Type : IECache Entry Data : antonio [email protected][2].txt Category : Data Miner Comment : Cookie:antonio [email protected]/ Value : Cookie:antonio [email protected]/ Tracking Cookie Object Recognized! Lawrence Abrams Don't let BleepingComputer be silenced. Type : IECache Entry Data : antonio [email protected][2].txt Category : Data Miner Comment : Cookie:antonio [email protected]/ Value : Cookie:antonio [email protected]/ Tracking Cookie Object Recognized!

Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 If the files are too long, attach them to a reply: Scroll down and click the [Manage Attachments] button Browse to the following folder: C:\Deckard\System Scanner Click Upload to upload these Flag Permalink This was helpful (0) Back to Spyware, Viruses, & Security forum 8 total posts Popular Forums icon Computer Help 51,912 discussions icon Computer Newbies 10,498 discussions icon Laptops 20,411 http://softsystechnologies.com/hjt-logfile/hjt-logfile-1st-scan.html Location: : C:\Documents and Settings\Antonio Hernandez\recent Description : list of recently opened documents Started Tracking Cookie scan Tracking Cookie Object Recognized!

Type : IECache Entry Data : antonio [email protected][1].txt Category : Data Miner Comment : Cookie:antonio [email protected]/ Value : Cookie:antonio [email protected]/ Tracking Cookie Object Recognized! After running Ad-Aware the most recent time, here is the quarantine list:ArchiveData(auto-quarantine- 2005-06-02 00-42-16.bckp)Referencefile : SE1R49 31.05.2005======================================================IMISERVER IEPLUGIN Discussion is locked Flag Permalink You are posting a reply to: Undeletable VX2 Choose your usual account. A window will appear with many choices, keep all the defaults as set when the Slide Bar to the left is set to Standard Quality.

c\p the HJTlog as well as the log from the Ewido scan and post it IN the HJT forum which you can find here.post your HJT logs in one of the Windows automatically looks for the existence of a HOSTS file and if found, checks the HOSTS file first for entries to the web page you just requested. Next, please reboot your computer in Safe Mode by doing the following: 1) Restart your computer 2) After hearing your computer beep once during startup, but before the Windows icon appears, While still in safe mode .....show hidden files and folders again.

Select the Tools menu and click Folder Options. System was rebooted successfully. ~~~~~ Postrun check HKLM\SOFTWARE\~\Winlogon\ "system"="" .... Lawrence Abrams Don't let BleepingComputer be silenced. Just remember, killing someone is frowned upon in most jurisdictions.

Type : IECache Entry Data : antonio [email protected][1].txt Category : Data Miner Comment : Cookie:antonio [email protected]/ Value : Cookie:antonio [email protected]/ Tracking Cookie Object Recognized!