Solved

Log File

Posted on 2009-05-12
Last Modified: 2013-12-06
Hi,
I've got a PC - Can't update virus software, can go to any security sites ... I'm attaching the HijackThis log file.

Thanks
log01.txt
Question by:mberman1012
5 Comments
 
LVL 27

Accepted Solution

by:
David-Howard earned 500 total points
These entries can be removed but are not threats.
C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
C:\Program Files\Memeo\AutoSync\MemeoAutoSync.exe

These entries need to be removed!
O1 - Hosts: 207.68.176.250 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es

Neutral entries. Remove if you do not know their source.
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O4 - HKLM\..\Run: [Memeo AutoSync] C:\Program Files\Memeo\AutoSync\MemeoLauncher2.exe --silent

Must be removed!
O4 - HKLM\..\RunOnce: [OOBEDDDemise] cmd /x /c erase C:\WINDOWS\System32\oobe\msoobe.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15-3.cab

Remove if you do not know the source of these entries.
O16 - DPF: {A9DD5FE2-5567-4983-971F-C792375025A6} (PhoenixBody Class) - http://software.musicnow.com/musicnow/phoenix/4.0.0.34/MusicNow.cab

O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe

Your log file is clean other than what I have listed.  I suggest booting into Safe Mode (F8 at startup) and then removing these entries.
I recommend downloading and updating Malwarebytes.
You can get it free from www.Malwarebytes.org
Once updated, reboot into Safe Mode (F8 at startup) and run a scan.
If the above steps fail to remove the threat, you may need to download and run Combofix.
The free download and directions can be located here.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
As noted in the directions, prior to running Combofix or any other anti-malware/anti-virus application please stop your anti-virus and anti-malware programs. Combofix should be saved to and run from your desktop.
You should rename the anti-malware suites to a different name prior to downloading as some threats can prevent them from running with their default names.

 
LVL 27

Expert Comment

by:David-Howard
One more thing. If you cannot download Malwarebytes or Combofix directly to your system, you can download them onto a thumb drive or other type of media from another system and then install them on your PC.
You might also try logging on to your system under a different profile/user ID, as some malware only affects the profile under which it was loaded. Meaning, if you can log on as a different user you may be able to visit and download the applications that I mentioned.
 

Author Comment

by:mberman1012
Removed host and reg. entries. Running malwarebytes now. Will let you know how it goes.
 
LVL 47

Expert Comment

by:rpggamergirl
Comment Utility
This entry below is really bad; it needs fixing and the file deleted, or just run Combofix.
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
 
LVL 47

Expert Comment

by:rpggamergirl
@ David-Howard:
This is the only entry in your 'Must be removed!' line that is bad; the others are legit.
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15-3.cab

Mind telling us your reason for removing this legit entry? He needs that to organize, edit, and share his videos.
O23 lines are very crucial entries; legit ones should be left alone unless there's a very good reason for removing them (as in a redundant service where the program is no longer installed).
O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe

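A triage helper for the kinds of lines discussed in this thread, as an added example that is not part of any post: it surfaces F2 UserInit values that chain a program after userinit.exe, O1 hosts-file overrides, and O23 services that HijackThis marks "Unknown owner". The function names, the assumed default UserInit path and the sample log (constructed from lines quoted above) are assumptions; the findings are prompts for manual review, not verdicts.

```python
import re

# Constructed sample: lines quoted in this thread, laid out as in a HijackThis log.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O1 - Hosts: 207.68.176.250 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es
O4 - HKLM\..\Run: [Memeo AutoSync] C:\Program Files\Memeo\AutoSync\MemeoLauncher2.exe --silent
O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
"""

# Assumption: Windows is installed on C:, so this is the only program expected in UserInit.
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d+)\s+-\s+(?P<body>.+)$")
USERINIT_RE = re.compile(r"UserInit=(?P<value>.*)$", re.IGNORECASE)
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<name>\S+)$")

def extra_userinit_programs(value):
    """Return every program in a comma-separated UserInit value except the default."""
    programs = [p.strip() for p in value.split(",") if p.strip()]
    return [p for p in programs if p.lower() != DEFAULT_USERINIT]

def triage(log_text):
    """Return (section, finding) tuples for entries that deserve a manual look."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        if section == "F2":
            u = USERINIT_RE.search(body)
            for prog in extra_userinit_programs(u.group("value")) if u else []:
                findings.append((section, "extra program started at logon: " + prog))
        elif section == "O1":
            h = HOSTS_RE.match(body)
            if h:
                findings.append((section, "hosts override: %s -> %s" % (h.group("name"), h.group("ip"))))
        elif section == "O23" and "Unknown owner" in body:
            findings.append((section, "service with unknown owner: " + body.split(" - ")[-1]))
    return findings

if __name__ == "__main__":
    for section, finding in triage(SAMPLE_LOG):
        print(section, finding)
```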
