How do I get rid of a trojan that redirects, and is not detected by virus scans?
Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:05:04 PM, on 7/2/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 – Hosts: ::1 localhost
O2 – BHO: Adobe PDF Reader Link Helper – {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 – BHO: Browser Address Error Redirector – {CA6319C0-31B7-401E-A518-A07C3DB8F777} – C:\Program Files\Dell\BAE\BAE.dll
O4 – HKLM\..\Run: [DigidesignMMERefresh] F:\Digidesign\Drivers\MMERefresh.exe
O4 – HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 – HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘LOCAL SERVICE’)
O4 – HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘LOCAL SERVICE’)
O4 – HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘NETWORK SERVICE’)
O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 – Extra context menu item: Send image to &Bluetooth Device… – C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 – Extra context menu item: Send page to &Bluetooth Device… – C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 – Extra button: Send to OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 – Extra ‘Tools’ menuitem: S&end to OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 – Extra button: @btrez.dll,-4015 – {CCA281CA-C863-46ef-9331-5C8D4460577F} – C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 – Extra ‘Tools’ menuitem: @btrez.dll,-12650 – {CCA281CA-C863-46ef-9331-5C8D4460577F} – C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 – Gopher Prefix:
O23 – Service: Digidesign MME Refresh Service (DigiRefresh) – Digidesign, A Division of Avid Technology, Inc. – F:\Digidesign\Drivers\MMERefresh.exe
O23 – Service: digiSPTIService – Digidesign, A Division of Avid Technology, Inc. – F:\Digidesign\Pro Tools\digiSPTIService.exe
O23 – Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) – Avid Technology, Inc. – C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
O23 – Service: stllssvr – Unknown owner – C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)

— End of file – 3984 bytes
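A HijackThis log is easier to read once the entries are split by section and the few lines that usually matter for a browser-redirect complaint are pulled out: R1 proxy settings, O1 hosts-file overrides, O4 startup items loading from unusual locations, and O23 services whose binary is gone. The script below is an added example written for this page, not HijackThis code and not something the original poster ran. It assumes the line layout shown in the log above (section code, a dash, then the entry) and uses review heuristics that are my own; the hosts line for update.example.com is a constructed sample, the other sample lines are excerpted from the log in the question. Everything it reports is "look at this", not "this is malware": the F: drive entry it lists, for instance, belongs to the Digidesign installation and only shows up because the path is outside the usual install roots.

```python
"""Triage helper for HijackThis-style logs (added example, not HijackThis code).

Each log entry is one line: a section code (R0, R1, O1, O2, O4, O23, ...),
a dash (ASCII or the en dash that pasted logs often carry), then the body.
The heuristics below are assumptions chosen for a redirect complaint:
  * R1 ProxyServer present            -> browser traffic may be proxied
  * O1 non-default hosts entry        -> local name-resolution override
  * O23 service with "(file missing)" -> registered service, binary gone
  * O2/O4 binary on a drive path outside Program Files / Windows
"""
import re
from dataclasses import dataclass

LINE_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2})\s*[-\u2013]\s*(?P<body>.*)$")
FIELD_SEP = re.compile(r"\s+[-\u2013]\s+")          # " - " or " – " between fields
DRIVE_PATH = re.compile(r"^[a-z]:\\", re.IGNORECASE)  # absolute path with drive letter

STANDARD_ROOTS = ("c:\\program files", "c:\\windows", "%programfiles%", "%systemroot%")
BENIGN_HOSTS = {"::1 localhost", "127.0.0.1 localhost"}  # default Vista/XP hosts lines


@dataclass
class Entry:
    code: str
    body: str


def parse_log(text):
    """Return the R/F/N/O entries of a log as Entry records; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("code"), m.group("body")))
    return entries


def _load_path(entry):
    """Best-effort extraction of the executable/DLL path from O2 and O4 bodies."""
    if entry.code == "O4":
        # O4 - HKLM\..\Run: [Name] <path and arguments> (User 'X')
        _, _, rest = entry.body.partition("] ")
        return rest.split(" (User ")[0]
    if entry.code == "O2":
        # O2 - BHO: <name> - {CLSID} - <path>
        return FIELD_SEP.split(entry.body)[-1]
    return ""


def flag(entry):
    """Return a short reason if the entry deserves a reviewer's attention, else None."""
    low = entry.body.lower()
    if entry.code == "R1" and "proxyserver" in low:
        value = entry.body.split("=", 1)[1].strip()
        return f"ProxyServer value present ({value!r}); confirm it is expected"
    if entry.code == "O1":
        host_line = entry.body.split("Hosts:", 1)[-1].strip()
        if host_line.lower() not in BENIGN_HOSTS:
            return f"hosts-file override: {host_line}"
        return None
    if entry.code == "O23" and "(file missing)" in low:
        return "service registered but its binary is missing"
    if entry.code in ("O2", "O4"):
        path = _load_path(entry)
        if DRIVE_PATH.match(path) and not path.lower().startswith(STANDARD_ROOTS):
            return f"startup/BHO binary outside Program Files or Windows: {path}"
    return None


def triage(text):
    """Return [(code, reason, body)] for every entry that flag() reports."""
    hits = []
    for e in parse_log(text):
        reason = flag(e)
        if reason:
            hits.append((e.code, reason, e.body))
    return hits


# Sample input: lines excerpted from the log in the question, plus one
# constructed hosts-file entry (update.example.com) to show what an override looks like.
SAMPLE_LOG = r"""
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O1 – Hosts: ::1 localhost
O1 – Hosts: 0.0.0.0 update.example.com
O2 – BHO: Browser Address Error Redirector – {CA6319C0-31B7-401E-A518-A07C3DB8F777} – C:\Program Files\Dell\BAE\BAE.dll
O4 – HKLM\..\Run: [DigidesignMMERefresh] F:\Digidesign\Drivers\MMERefresh.exe
O4 – HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘LOCAL SERVICE’)
O23 – Service: stllssvr – Unknown owner – C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
"""

if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}\n    {body}")
```

Run it as-is and it reports four of the seven sample entries: the ProxyServer value, the constructed hosts override, the O4 item on the F: drive, and the stllssvr service with its missing binary. The default IPv6 localhost line and everything under Program Files stay quiet. To use it on a full log, replace SAMPLE_LOG with the saved log text; the parser ignores the header and process-list lines because they carry no section code.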
Answer:
Boot into safe mode and disable startup items by typing “msconfig” in the Run box. Once you are in msconfig, click on the tab that says “Startup”. Uncheck ALL of the boxes. Restart your computer into normal mode. Then run your virus scanner and delete it. This method works with 99.9% of all trojans and viruses.