HiJackThis won't stick!!

Status
Not open for further replies.
B

BlackScarlet

Posts: 105   +0
There are several programs that run at startup for me, that don't appear in msconfig or other startup utilities, but do appear in HJT.

I delete them, and they never stick, they are always back the next time. Wtf?


Here is the log. The items I keep trying to rid myself of are in bold.

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\AvidSDMService.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} -
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} -
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology, Inc. - C:\WINDOWS\system32\AvidSDMService.exe
O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\WINDOWS\system32\AvidStartup.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Unknown owner - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)

(Moderator edit: Please do not copy and paste your logs. Instead, post them as attachments only in either .txt or .log format. To learn how to attach a log file, please see HERE.
 
You need to have a read of this - If your system is infected. Read this before deciding whether to CLEAN or REFORMAT.

Then if you should wish to proceed with cleaning your system you need to go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, Combofix, and AVG Antispyware logs as ATTACHMENTS into this thread, only after doing the above.
We also need to know the result of Panda Antirootkit.


This thread is for the use of BlackScarlet only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Hi,

Try the following:

You may wish to copy and paste these instructions on notepad for easier reference later.

  1. Boot into safe mode under your normal user name. See how HERE

  2. Go to start > run and type services.msc. Press the enter key.
    Search for the following services. Double click to select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

    Ad-Aware 2007 Service
    Avid SDM Service
    Avid Startup
    ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service)
    Digidesign MME Refresh Service
    Outpost Firewall Service
    StarWind iSCSI Service

  3. After that, run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked"):

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} -
    O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} -

    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology, Inc. - C:\WINDOWS\system32\AvidSDMService.exe
    O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\WINDOWS\system32\AvidStartup.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
    O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    O23 - Service: Outpost Firewall Service (OutpostFirewall) - Unknown owner - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe (file missing)
    O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)

    Close HJT.

  4. Reboot into normal mode and rehide your protected OS files.

Post back to let us know how it goes.

PS. Rik: I think his problem is with trying to speed up his system and remove unnecessary services and processes.

Regards,
momok =)
 
Status
Not open for further replies.

Similar threads

L
Solved Unknown spyware/ Monitoring/ Hijacking of my devices
Replies
15
Views
3K
Broni
Broni
E
Solved Svchost.exe launching multiple iexplore.exe - unknown cause
Replies
23
Views
3K
Broni
Broni
R
Solved Data Hijacking, Help Please
2
Replies
37
Views
5K
Broni
Broni

Latest posts

Back