Solved

Log File

Posted on 2009-05-12
Last Modified: 2013-12-06
Hi,
I've got a PC - Can't update virus software, can go to any security sites ... I'm attaching the HijackThis log file.

Thanks
log01.txt
Question by:mberman1012
5 Comments
 
LVL 27

Accepted Solution

by:
David-Howard earned 500 total points
ID: 24364985
These entries can be removed but are not threats.
C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
C:\Program Files\Memeo\AutoSync\MemeoAutoSync.exe

These entries need to be removed!
O1 - Hosts: 207.68.176.250 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es

Neutral entries. Remove if you do not know their source.
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O4 - HKLM\..\Run: [Memeo AutoSync] C:\Program Files\Memeo\AutoSync\MemeoLauncher2.exe --silent

Must be removed!
O4 - HKLM\..\RunOnce: [OOBEDDDemise] cmd /x /c erase C:\WINDOWS\System32\oobe\msoobe.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15-3.cab

Remove if you do not know the source of these entries.
O16 - DPF: {A9DD5FE2-5567-4983-971F-C792375025A6} (PhoenixBody Class) - http://software.musicnow.com/musicnow/phoenix/4.0.0.34/MusicNow.cab

O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe

Your log file is clean other than what I have listed.  I suggest booting into Safe Mode (F8 at startup) and then removing these entries.
I recommend downloading and updating Malwarebytes.
You can get it free from www.Malwarebytes.org
Once updated, reboot into Safe Mode (F8 at startup) and run a scan.
If the above steps fail to remove the threat,
you may need to download and run Combofix.
The free download and directions can be located here.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
As noted in the directions, prior to running Combofix or any other anti-malware/anti-virus application please stop your anti-virus and anti-malware programs. Combofix should be saved to and run from your desktop.
You should rename the anti-malware suites to a different name prior to downloading as some threats can prevent them from running with their default names.

0
 
LVL 27

Expert Comment

by:David-Howard
ID: 24365003
One more thing. If you cannot download Malwarebytes or Combofix directly to your system, you can download them onto a thumb drive or other type of media from another system and then install them on your PC.
You might also try logging on to your system under a different profile/user ID, as some malware only affects the profile under which it was loaded. Meaning, if you can log on as a different user you may be able to visit and download the applications that I mentioned.
0
 

Author Comment

by:mberman1012
ID: 24366238
Removed host and reg. entries. Running malwarebytes now. Will let you know how it goes.
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 24372009
This entry below is really bad. It needs fixing and the file deleted, or just run Combofix.
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
0
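The two entry types singled out in this thread, the O1 hosts-file redirects in the accepted answer and the F2 UserInit line in the comment above, can be checked mechanically. This is an added example, not part of the original thread or of HijackThis; the function names are illustrative and the expected UserInit path assumes Windows installed at C:\WINDOWS, as in the posted log.

```python
import ipaddress
import re

# Constructed sample: entries quoted in this thread (Windows at C:\WINDOWS assumed).
SAMPLE_LOG = r"""
O1 - Hosts: 207.68.176.250 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
"""
LINE_RE = re.compile(r"^([A-Z]\d+) - (.*)$")
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"

def check_hosts(body):
    """O1: report hosts-file mappings that point a name at a non-loopback IP."""
    m = re.match(r"Hosts:\s+(\S+)\s+(\S+)", body)
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m.group(1))
    except ValueError:
        return f"hosts entry with unparsable address: {body}"
    if ip.is_loopback or ip.is_unspecified:
        return None
    return f"hosts file maps {m.group(2)} to {ip}"

def check_userinit(body):
    """F2: report every program chained after userinit.exe in UserInit=."""
    m = re.match(r"REG:system\.ini: UserInit=(.*)$", body, re.IGNORECASE)
    if not m:
        return None
    programs = [p.strip() for p in m.group(1).split(",") if p.strip()]
    extra = [p for p in programs if p.lower() != EXPECTED_USERINIT]
    return f"UserInit launches extra program(s): {', '.join(extra)}" if extra else None

CHECKS = {"O1": check_hosts, "F2": check_userinit}

def review(log_text):
    """Return (section, finding) pairs for lines that need a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and m.group(1) in CHECKS:
            finding = CHECKS[m.group(1)](m.group(2))
            if finding:
                findings.append((m.group(1), finding))
    return findings

if __name__ == "__main__":
    print(*review(SAMPLE_LOG), sep="\n")
```

A finding here only marks a line for manual review; whether the entry is legitimate still has to be decided per program, as the replies in this thread show.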
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 24372073
@ David-Howard:
This is the only entry in your "Must be removed!" line that is bad, the others are legit.
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15-3.cab

Mind telling us what your reason is for removing this legit entry? He needs that to organize, edit, and share his videos.
O23 lines are very crucial entries; legit ones should be left alone unless there's a very good reason for removing them (as in a redundant service where the program is no longer installed).
O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe

0
