Solved

Log File

Posted on 2009-05-12
Last Modified: 2013-12-06
Hi,
I've got a PC - can't update virus software, can go to any security sites ... I'm attaching the HijackThis log file.

Thanks
log01.txt
Question by:mberman1012
 
LVL 27

Accepted Solution

by:
David-Howard earned 2000 total points
ID: 24364985
These entries can be removed but are not threats.
C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
C:\Program Files\Memeo\AutoSync\MemeoAutoSync.exe

These entries need to be removed!
O1 - Hosts: 207.68.176.250 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es

Neutral entries. Remove if you do not know their source.
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O4 - HKLM\..\Run: [Memeo AutoSync] C:\Program Files\Memeo\AutoSync\MemeoLauncher2.exe --silent

Must be removed!
O4 - HKLM\..\RunOnce: [OOBEDDDemise] cmd /x /c erase C:\WINDOWS\System32\oobe\msoobe.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15-3.cab

Remove if you do not know the source of these entries.
O16 - DPF: {A9DD5FE2-5567-4983-971F-C792375025A6} (PhoenixBody Class) - http://software.musicnow.com/musicnow/phoenix/4.0.0.34/MusicNow.cab

O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe

Your log file is clean other than what I have listed.  I suggest booting into Safe Mode (F8 at startup) and then removing these entries.
I recommend downloading and updating Malwarebytes.
You can get it free from www.Malwarebytes.org
Once updated, reboot into Safe Mode (F8 at startup) and run a scan.
If the above steps fail to remove the threat, you may need to download and run Combofix.
The free download and directions can be located here:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
As noted in the directions, prior to running Combofix or any other anti-malware/anti-virus application please stop your anti-virus and anti-malware programs. Combofix should be saved to and run from your desktop.
You should rename the anti-malware suites to a different name prior to downloading as some threats can prevent them from running with their default names.

0
 
LVL 27

Expert Comment

by:David-Howard
ID: 24365003
One more thing. If you cannot download Malwarebytes or Combofix directly to your system, you can download them onto a thumb drive or other type of media from another system and then install on your PC.
You might also try logging on to your system under a different profile/user ID, as some malware only affects the profile under which it was loaded. Meaning, if you can log on as a different user you may be able to visit and download the applications that I mentioned.
0
 

Author Comment

by:mberman1012
ID: 24366238
Removed host and reg. entries. Running Malwarebytes now. Will let you know how it goes.
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 24372009
This entry below is really bad; it needs fixing and the file needs deleting, or just run Combofix.
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
0
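The two findings raised in this thread, the O1 hosts entries and the F2 UserInit value with a second program appended after userinit.exe, can be checked mechanically. The following is an added example, not part of the original thread or of HijackThis itself; the function names and the assumed default Userinit path (Windows installed in C:\WINDOWS) are assumptions for illustration.

```python
import ipaddress
import re

# Sample input assembled from HijackThis lines quoted in this thread.
SAMPLE_LOG = r"""
O1 - Hosts: 207.68.176.250 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es
O4 - HKLM\..\Run: [Memeo AutoSync] C:\Program Files\Memeo\AutoSync\MemeoLauncher2.exe --silent
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
"""

# Assumption: Windows lives in C:\WINDOWS, so this is the only program Userinit should start.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"
LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def check_userinit(value):
    """Return every program chained onto Userinit besides userinit.exe itself."""
    programs = [p.strip() for p in value.split(",") if p.strip()]
    return [p for p in programs if p.lower() != EXPECTED_USERINIT]


def check_hosts(entry):
    """Return (ip, name) when a hosts entry maps a name to a non-loopback address."""
    parts = entry.split()
    try:
        addr = ipaddress.ip_address(parts[0])
        name = parts[1]
    except (IndexError, ValueError):
        return None
    return None if addr.is_loopback else (parts[0], name)


def triage(log_text):
    """Scan HijackThis lines and collect the entries that need a human decision."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        if section == "O1" and body.startswith("Hosts:"):
            hit = check_hosts(body[len("Hosts:"):])
            if hit:
                findings.append(("hosts-redirect", "%s -> %s" % (hit[1], hit[0])))
        elif section == "F2" and "userinit=" in body.lower():
            value = body[body.lower().index("userinit=") + len("userinit="):]
            findings.extend(("userinit-extra", p) for p in check_userinit(value))
    return findings
```

`triage(SAMPLE_LOG)` returns the two hosts mappings and the extra Userinit program for review; it does not decide whether an entry is malicious.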
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 24372073
@ David-Howard:
This is the only entry in your "Must be removed!" line that is bad; the others are legit.
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15-3.cab

Mind telling us what your reason is for removing this legit entry? He needs that to organize, edit, and share his videos.
O23 lines are very crucial entries; legit ones should be left alone unless there's a very good reason for removing them (as in a redundant service where the program is no longer installed).
O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe

0
