Solved

Log File

Posted on 2009-05-12
Last Modified: 2013-12-06
Hi,
I've got a PC - Can't update virus software, can go to any security sites ... I'm attaching the HijackThis log file.

Thanks
log01.txt
Question by:mberman1012
5 Comments
 
LVL 27

Accepted Solution

by:
David-Howard earned 500 total points
ID: 24364985
These entries can be removed but are not threats.
C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
C:\Program Files\Memeo\AutoSync\MemeoAutoSync.exe

These entries need to be removed!
O1 - Hosts: 207.68.176.250 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es

Neutral entries. Remove if you do not know their source.
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O4 - HKLM\..\Run: [Memeo AutoSync] C:\Program Files\Memeo\AutoSync\MemeoLauncher2.exe --silent

Must be removed!
O4 - HKLM\..\RunOnce: [OOBEDDDemise] cmd /x /c erase C:\WINDOWS\System32\oobe\msoobe.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15-3.cab

Remove if you do not know the source of these entries.
O16 - DPF: {A9DD5FE2-5567-4983-971F-C792375025A6} (PhoenixBody Class) - http://software.musicnow.com/musicnow/phoenix/4.0.0.34/MusicNow.cab

O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe

Your log file is clean other than what I have listed.  I suggest booting into Safe Mode (F8 at startup) and then removing these entries.
I recommend downloading and updating Malwarebytes.
You can get it free from www.Malwarebytes.org
Once updated, reboot into Safe Mode (F8 at startup) and run a scan.
If the above steps fail to remove the threat,
you may need to download and run Combofix.
The free download and directions can be located here.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
As noted in the directions, prior to running Combofix or any other anti-malware/anti-virus application please stop your anti-virus and anti-malware programs. Combofix should be saved to and run from your desktop.
You should rename the anti-malware suites to a different name prior to downloading as some threats can prevent them from running with their default names.

0
 
LVL 27

Expert Comment

by:David-Howard
ID: 24365003
One more thing. If you cannot download Malwarebytes or Combofix directly to your system, you can download them onto a thumb drive or other type of media from another system and then install them on your PC.
You might also try logging on to your system under a different profile/user ID, as some malware only affects the profile under which it was loaded. Meaning, if you can log on as a different user you may be able to visit and download the applications that I mentioned.
0
 

Author Comment

by:mberman1012
ID: 24366238
Removed host and reg. entries. Running malwarebytes now. Will let you know how it goes.
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 24372009
The entry below is really bad; it needs fixing and the file needs deleting, or just run Combofix.
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
0
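The check behind the F2 comment above, as an added example that is not part of the original thread: it parses HijackThis entry lines and reports any program chained onto the UserInit value besides userinit.exe. The sample lines are copied from this thread; the function names and the default expected path are assumptions of the example.

```python
import ntpath
import re

# Constructed sample: entry lines quoted in this thread, laid out as in a HijackThis log.
SAMPLE_LOG = r"""
O1 - Hosts: 207.68.176.250 auto.search.msn.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O4 - HKLM\..\Run: [Memeo AutoSync] C:\Program Files\Memeo\AutoSync\MemeoLauncher2.exe --silent
O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
"""

# A HijackThis entry is "<section code> - <body>", e.g. "O23 - Service: ..."
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_entries(log_text):
    """Return (section, body) tuples for every entry line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def extra_userinit_programs(body, expected):
    """Return programs listed in a UserInit value that are not the expected userinit.exe."""
    marker = "userinit="
    pos = body.lower().find(marker)
    if pos == -1:
        return []
    value = body[pos + len(marker):]
    # The value is a comma-separated list, usually with a trailing comma.
    programs = [p.strip() for p in value.split(",") if p.strip()]
    want = ntpath.normcase(expected)
    return [p for p in programs if ntpath.normcase(p) != want]


def findings(log_text, expected=r"C:\WINDOWS\system32\userinit.exe"):
    """Return (section, program) pairs for F2 entries that chain extra programs at logon."""
    # 'expected' is an assumption: adjust it if Windows is installed elsewhere.
    results = []
    for section, body in parse_entries(log_text):
        if section == "F2":
            results.extend((section, p) for p in extra_userinit_programs(body, expected))
    return results


if __name__ == "__main__":
    for section, program in findings(SAMPLE_LOG):
        print(f"{section}: unexpected UserInit program: {program}")
```

Comparing the full normalized path rather than only the file name also reports a userinit.exe that sits outside the expected directory.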
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 24372073
@ David-Howard:
This is the only entry in your "Must be removed!" list that is bad; the others are legit.
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15-3.cab

Mind telling us what your reason is for removing this legit entry? He needs that to organize, edit, and share his videos.
O23 lines are very crucial entries; legit ones should be left alone unless there's a very good reason for removing them (as in a redundant service where the program is no longer installed).
O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe

0
