I ran a HijackThis log and did not recognize some items and a startup list. I installed office live add in 1.4 on 6/24 via windows update. I see an item in my HJT startup list that was not there previously. The item is C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe. I am wondering if this is part of the Office live add-in that I downloaded. I am not sure about my log when I was going through it so I thought maybe someone could take a look at it and make sure I didn't have any malware. I ran Spyware Doctor 6 paid version and it came back no infection. I ran Malwarebytes scan with no infection. I am attaching my logs. Thank you in advance. I am new to the forum so correct me if I omitted anything or posted in the wrong area. I was unable to attach the scan log. If this info is needed please let me know and I will read how to attach a log.

Here is my HJT log. I believe I have the wrong date on my startup list of 6-29. =[

This post has been edited by LDTate: Jun 29 2009, 06:17 AM

Hi lisaz, welcome to the forum.


To make cleaning this machine easier

• Please do not uninstall/install any programs unless asked to
  It is more difficult when files/programs are appearing in/disappearing from the logs.
• Please do not run any scans other than those requested
• Please follow all instructions in the order posted
• All logs/reports, etc.. must be posted in Notepad. Please ensure that word wrap is unchecked. In notepad click format, uncheck word wrap if it is checked.
• Do not attach any logs/reports, etc.. unless specifically requested to do so.
• If you have problems with or do not understand the instructions, Please ask before continuing.
• Please stay with this thread until given the All Clear. A absence of symptoms does not mean a clean machine.

WLIDSvcM.exe - Windows Live ID

A question about Spyware Doctor, did you install the antivrus portion as well. If you did, then you have 2 antivirus programs installed. This can lead to conflicts and system slowdowns.


HJT is all showing, so let's have a look with a different tool.

Please note, as a Vista user, you will need to Right click the file and choose Run as Administrator in order to run the tools we use.

Please download DDS and save it to your desktop.

• Disable any script blocking protection
• Right click dds.scr and choose Run as Administrator to run the tool.
• When done, DDS.txt will open.
  
• Click Yes at the next prompt for Optional Scan.
• Save both reports to your desktop.

---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt

Please attach the second file; Attach.txt. To attach a file, do the following:

• Under the reply panel is the Attachments Panel
• Browse for the attachment file you want to upload, then click the green Upload button
• Once it has uploaded, click the Manage Current Attachments drop down box
• Click on to insert the attachment into your post

Please post back with your antivirus program and both DDS logs.

Thanks

Thank you for the welcome and the reply. I figured the WLID was related to Office live add-in 1.4 but when I Googled it there were a lot of posts about malware. I don't have the antivirus engine installed with Spyware Doctor. I ran the Script tool and here are the log results. I hope I did it correctly but I am not sure what a script blocking security would be.

I double clicked on one of the attachments to see if I had done this correctly and noticed that the DDS.txt log said that Windows Defender is enabled but it is not enabled due to conflict running with Spyware Doctor. I will wait for a reply. Thanks

This post has been edited by lisaz: Jun 30 2009, 11:07 AM

Hi

You did just fine. I don't see Windows Deender running. That just may be Windows Security Center reporting Windows Defender is enabled.

WINDOWS DEFENDER

• Click Start > Programs > Windows Defender or launch from the system tray icon.
• Click on Tools & Settings > Options.
• Under Real-time protection options, uncheck the "Real-time protection" check box.
• Click Save.
• Go to Start > Control Panel > Security > Windows Defender, at the bottom of the Window Defenders page uncheck under Administrator Options "use Windows Defender" and then Save.

Everything looks ok in these logs. You seem to have most of the basic security programs. 1 antvirus program, a resident antispyware program, though you have a couple, not a problem as they are on demand.

What are you using for a firewall? I can't seem to find one in the uninstall list.

Your java is out of date. Click your start button, open Control panel.

• Locate the Java icon (it looks like a coffee cup)
• double click it to open it
• click the Update tab
• Click update now

After the java is updated, reboot your computer if not prompted to.

Let me know about your firewall. I'll give you a few suggestions for added security after you post back.

Thanks

Windows Defender is definitely off. I am using Windows Firewall. I went to the control panel and opened security center and it shows Windows Firewall is on. I also am behind a Linksys router wrt54gs.

Hi lisaz,

Ok, as I mentioned, I didn't see Windows Defender running in the logs. With the router you should be ok as long as the Windows firewall is turned on also.

It looks like you keep your computer up to date and use this utility Secunia PSI to check for updates. There isn't much to add.


From your desktop, please delete

• any notepads/logs that we created
• DDS.scr

Updates and upgrades

* If you are running Microsoft Office, or any portion thereof, go to the Microsoft's Office Update site and make sure you have at least all the cirtical updates installed (Free) Microsoft Office Update

Some Recommendations and prevention tips

Basic security consists of 1 antivirus program, 1 resident antispyware program, 1 on demand antispyware program and a firewall. Since you are using a router and Windows firewall, it should be ok.

You should also use Spyware Blaster to help immunize your computer.

- SpywareBlaster will add a large list of programs and sites into your Internet Explorer
settings that will protect you from running and downloading known malicious programs.

OR

A guide to understanding and using the hosts file.

Learn how your Hosts file can protect you and how you can protect it.
Besides the Hosts file information, there are links to a very good updated hosts file, a host file manager. and some programs that can protect your hosts file.
HOSTS

Please read the info on disabling the DNS Client before installing a custom hosts file.

Important! Windows Vista requires special instructions for a custom Hosts file. Please see here



-Secure your Internet Explorer

From within Internet Explorer click on the Tools menu and then click on Options.

• Click once on the Security tab
• Click once on the Internet icon so it becomes highlighted.
• Click once on the Custom Level button.
• Change the Download signed ActiveX controls to Prompt
• Change the Download unsigned ActiveX controls to Disable
• Change the Initialize and script ActiveX controls not marked as safe to Disable
• Change the Installation of desktop items to Prompt
• Change the Launching programs and files in an IFRAME to Prompt
• Change the Navigate sub-frames across different domains to Prompt
• When all these settings have been made, click on the OK button.
• If it prompts you as to whether or not you want to save the settings, press the Yes button.

Next press the Apply button and then the OK to exit the Internet Properties page.


- Keeping your Windows up-to-date is crucial to your computer's security. Please go to the Windows Update Site (using Internet Explorer) and download and install all critical updates on a regular basis


- Keep your antivirus program updated, as well as any other security programs you have.


More tips and programs can be found HERE

Take care

This post has been edited by oldman960: Jul 1 2009, 11:34 AM

Microsoft update also includes Microsoft Office 2007 security updates. I have a question, I see that I have Power Point Viewer 2003 in my programs and Secunia showed an insecurity for PP2003 view. I purchased and installed Office Home and Student 2007 which includes Microsoft Office Power Point 2007. Does PowerPoint viewer 2003 and Office Power point 2007 serve the same purpose? Also, did you see that I didn't have the latest security updates for Office? Thank you so much for all of your help! Will the real time protection of Spyware Blaster conflict with the real time protection of Spyware Doctor? I will learn also about Host files. Thank you for the great info! I will await your response.

Hi lisaz,

Power Point Viewer 2003
Is a free Power Point viewer from MS. You can only view Power Point files with it. You can not edit or create them.

The Power Point that came with Office will allow you to view, edit, create Power Point files.

A lot of folks wiil keep Windows up to date but will neglect Office. If I see Office in a log, I suugest they check for updates.


There will be no conflict between the 2 because they work differently. Spyware Blaster doesn't scan in real time. It adds a list of known malicious sites and programs to your browser's settings. This will prevent malware from installing. Spyware Blaster does not keep running in the backgroud. Once you have used the program it will not run untill you wish to run it again. Spyware Doctor on the other hand scans for malicious files in real time.

Spyware Blaster tutorial

The Host file works by adding known malicious sites to a file. This file is used as an address book of sorts. All web sites in this file are assigned the same address, which is your computer. When your browser attempts to contact a site, Windows first checks the Hosts file for the address for that site. If it's not there then Windows will check on line for the address. If the address of a bad site is in the Hosts file list, your browser will not go to the site because it thinks the site is on your computer and won't be able to find it.

Ok?

I have the box checked in Microsoft update to also check for Windows and other products from Microsoft Updates. I installed Office SP2 sometime in the past. I have even recieved an optinal update for my Linksys wireless adapter through windows update. With me you have to answer yes or no, it is good to explain too though so I learn. Did you see that I didn't get all of Office security updates? Do power point viewer and offcie power point both show power point presentations, in other words are they the same thing? Again yes or no, or sometimes I don't get it. There must be an update for the 2003 viewer because Secunia alerted me but there was no solution for me in Secunia, I will go and look for it. I am sorry I am so inexperienced. I understand Spyware Blaster now. Thank you for helping me.

I think that the only place the Program PowerPoint Viewer 2003 is installed is on my recovery drive D:\. That is what Secunia reported to me. Of course I know to leave the recovery drive alone! I just am not getting it if the PP Viewer 2003 and Office PP 2007 have the same purpose.

Hi lisaz,

No. You usually are better off getting any updates for products directly from that product's vendor.



Yes, they will both show Power Point presentations. No, they are not the same thing.

They only the same in the sense that either one can be used to view (open) a Power Point file. If you want to make a Power Point presentation, you need to use the full version of Power Point. This is the one that is in Office.

If it's only in your Recovery Console, then I wouldn't worry about. It may have come bundled with your comupter. Power Point Viewer 2003 is not installed on you computer at the moment. It was probably removed from your C:\ when you installed Office as Office contans the full version and you would not need just the viewer.

Ok?

I get it now. I was so tired yesterday nothing was making sense to me. Thank you so much for all of your responses, time, help and knowledge. Have a great 4th! You have been most helpful! I installed SpywareBlast and enabled all protection. Good program referral.

Hi lisaz,

You are very welcome and you have a great 4th too.

Take care

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.