Thread: key board virus
DMR (Team Colleague)

Re: key board virus

#3, Aug 20th, 2006
1. "this message was written with keyboard on screen"

I'm not sure what you're trying to say there; can you clarify please?

2. Uninstall the Logitech Desktop Messenger through your Add/Remove Programs control panel. The LDM program's primary job is to automatically check for online updates for your Logitech devices. Not only do you not need it running, but it really clutters up HijackThis logs, as you can see in your log.

Also uninstall any/all of the following bogus/malicious programs if they exist:

Trust Cleaner
TrustIn Bar
TrustIn Contextual Ads
Trustin Popups
TrustIn Search Assistant
Trust Cleaner Promo

Hotbar Web Tools
Hotbar Outlook Tools
Shopper Reports by Hotbar


3. Your log also has abnormal line breaks in it which make it difficult to read. Please post the contents of your next log by opening the HijackThis.log file in Windows Notepad, choosing "Select all" from the Edit menu, and then "Copy" from the Edit menu. If you paste that content into your posts here, it should format correctly.


You will need to close/quit all web browser programs and disconnect from the Internet for much of the following, so you should print out these instructions or save them into a text file with Notepad.


4. Open your antivirus program and download/install its most current updates. Don't run a scan with the program yet, though.


5. Download the following utilities and save them to your desktop or another convenient folder:

ATF-Cleaner
ewido Anti-spyware (30-day trial version)

* Install and Configure ewido:
  • Close all other applications and then run the ewido installer.
  • Select language, click OK.
  • Click I Agree.
  • Click Next.
  • Click Install.
  • Click Finish.
  • Wait; Ewido will open its main screen automatically.
  • Wait again a few minutes and Ewido should auto-update itself. If it doesn't, click Update at the top of the screen.
  • It is very important to get the updates.
  • When updating has finished, close Ewido.

6. Close all open programs/windows, including web browsers. Run another HijackThis scan, put a check in the boxes to the left of the following entries, and then click the "Fix Checked" button:

O4 - HKLM\..\Run: [4028202b.exe] D:\WINDOWS\system32\4028202b.exe
O4 - HKCU\..\Run: [AIP] D:\WINDOWS\aip.exe
O4 - HKCU\..\Run: [Trust Cleaner] "D:\Programas\Trust Cleaner\Trust Cleaner.exe"
O4 - HKCU\..\Run: [4028202b.exe] D:\Documents and Settings\Administrador\Definições locais\Application Data\4028202b.exe
O4 - HKCU\..\Run: [LDM] D:\Programas\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - D:\Programas\ShopperReports\Bin\2.0.0\ShprRprt.dll
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - D:\Programas\ShopperReports\Bin\2.0.0\ShprRprt.dll
O18 - Protocol: bw+0 - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

(Check all of the Logitech Desktop Messenger entries if they still exist!)

Close HijackThis after the fixes complete.


7. Reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Log in to the Administrator account.


Once booted in to Safe Mode:


8. Run ATF-Cleaner
- Double-click ATF-Cleaner.exe to open the program.
- Under Main choose: Select All
- Click the Empty Selected button.

If you use Firefox browser : Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser: Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.


9. Run a full system scan with your antivirus program; have it fix all malicious items it finds.


10. Open ewido
  • Click on Scanner at the top of the Ewido screen.
  • Click on Settings.
  • Under How to Act, click on Recommended Action and choose Delete.
  • Under How to scan, all boxes should be selected.
  • Under Possibly unwanted software, all boxes should be selected.
  • On the right side under Reports, click on Automatically generate report after every scan.
  • Under What to scan, select Scan every file.
  • Click on the Scan tab.
  • Click on Complete system scan.
  • Let the program scan the machine. It can take a while; give it time.
  • When the scan has finished, at the bottom of the screen click Apply all Actions.
  • Click Save report.
  • Click Save Report as (a Save As window should pop up).
  • Click Desktop.
  • Click Save.
  • Exit ewido.

11. Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extensions for known file types".

- Locate and delete the following files if they still exist:

D:\WINDOWS\system32\4028202b.exe
D:\WINDOWS\aip.exe
D:\Documents and Settings\Administrador\Definições locais\Application Data\4028202b.exe

- Delete the following folders entirely:

D:\Programas\Trust Cleaner
D:\Programas\ShopperReports


12. Empty your Recycle Bin and reboot normally.

13. Run HijackThis again, and post the new log. Also post the log that ewido generated.
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing


Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.

However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.