0

Thank you mr crunchie for ur early reply... i am mewbie to this site and was unaware of teh rules.... as directed by u i am opening this new thread relating to my problem....

i have a system32 folder opening upo at start up. i tried the mentohod recommended by windows help center but i coundnt find the registry. please help me...

another problem is i had "Trustin popups" but that was done way with the help on an antivirus but the name is still displayed in the "add/remove program list" and i am unable to remove it...

Also from today morning i am unable to open applications of MS Office....
Please Help


Log file of HJT is as under:

Logfile of HijackThis v1.99.1
Scan saved at 12:56:26 AM, on 8/13/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\SOLOAN~1\SRNMIC~1\SOLOSENT.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.711.1664\GoogleToolbarNotifier.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Gaurav\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?.home=ytie
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpoofBHO Class - {07A78AEA-4A54-4967-9A60-4B68592D30C7} - C:\WINDOWS\se_spoof.dll (file missing)
O2 - BHO: ChangerBHO Class - {0D4C7057-EAD2-44C6-AD18-9092905F28F1} - C:\WINDOWS\system32\usbmons.dll (file missing)
O2 - BHO: SpoofBHO Class - {385066e0-23f3-11db-a98b-0800200c9a66} - C:\WINDOWS\se_spoof.dll (file missing)
O2 - BHO: WeeklyExecuter Class - {590FFB84-6A29-4797-9C0E-B15DF2C4CDCB} - C:\WINDOWS\inetloader.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: ContextualAds Class - {FE6C16C4-16AD-47B6-B250-26AD1829E49A} - C:\Program Files\TrustIn Contextual\trustincontext.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SoloSentry] C:\PROGRA~1\SOLOAN~1\SRNMIC~1\SOLOSENT.EXE
O4 - HKLM\..\RunServices: [Driver32]
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.zdnetindia.com
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe


Thanks in advance... waiting for a reply....

Regards
Gaurav

2
Contributors
7
Replies
8
Views
11 Years
Discussion Span
Last Post by crunchie
0

Can you please do the following.

===============

Scan with HijackThis and then place a check next to all the following, if present:


R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm

O2 - BHO: SpoofBHO Class - {07A78AEA-4A54-4967-9A60-4B68592D30C7} - C:\WINDOWS\se_spoof.dll (file missing)
O2 - BHO: ChangerBHO Class - {0D4C7057-EAD2-44C6-AD18-9092905F28F1} - C:\WINDOWS\system32\usbmons.dll (file missing)
O2 - BHO: SpoofBHO Class - {385066e0-23f3-11db-a98b-0800200c9a66} - C:\WINDOWS\se_spoof.dll (file missing)
O2 - BHO: WeeklyExecuter Class - {590FFB84-6A29-4797-9C0E-B15DF2C4CDCB} - C:\WINDOWS\inetloader.dll (file missing)
O2 - BHO: ContextualAds Class - {FE6C16C4-16AD-47B6-B250-26AD1829E49A} - C:\Program Files\TrustIn Contextual\trustincontext.dll (file missing)

O4 - HKLM\..\RunServices: [Driver32]


Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

After rebooting, rescan with hijackthis and post back a new log. Please let me know how your pc is now.

0

i did as was recomended but was of no use... still the system32 folder opens at startup and "Trustin Contextual" is still being displayed in the control panel...
Also i am unable to open Ms office applications...

new log with HJT is as under:

Logfile of HijackThis v1.99.1
Scan saved at 1:13:18 PM, on 8/13/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\SOLOAN~1\SRNMIC~1\SOLOSENT.EXE
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Norton AntiVirus\navw32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\Documents and Settings\Gaurav\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?.home=ytie
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SoloSentry] C:\PROGRA~1\SOLOAN~1\SRNMIC~1\SOLOSENT.EXE
O4 - HKLM\..\RunServices: [Driver32]
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.zdnetindia.com
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

0

Run hijackthis and hit the Open the Misc Tools Section and then the Open Uninstall Manager.

Then hit the Save List button. Save to the desktop for easy access. Open the log file and copy the entire list and paste it here please.

===========

Copy the bold text below and paste it into notepad. Save it to your desktop as find.bat and make sure type is set to All Files.


cd\
cd Program Files
DIR /AD /B /P > ProgramFiles.txt
start ProgramFiles.txt
cls
exit


Double click find.bat and let it run for a minute. It will open up a report in notepad. Please copy that text and post it here in your next reply.

==

Please download and install ewido anti-spyware tool

  • Close all other Applications Select language click Ok
  • Click I Agree
  • Click next
  • Click Install
  • Click Finish
  • Wait and Ewido will open to the main screen automatically.
  • Wait again a few minutes and Ewido Should Auto update itself. If it doesn't click update at top of screen.
  • This is very important to get updates
  • When updating has finished. Close Ewido.

If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.

  • Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear use arrow up to highlight
  • Select the first option, to run Windows in Safe Mode hit enter.
  • For additional help in booting into Safe Mode, see the following site: HERE

    You MUST manage to get into Safe Mode for the fix to work.

Make sure to close all open windows/programs/folders. Have nothing else open while ewido performs its scan!

  • Open Ewido
  • Click on scanner top of Ewido sceen
  • Click on Settings
  • Under How to Act click on Recommended Action choose Quarantine
  • Under How to scan all boxes should be selected
  • Under Possibly unwanted software all boxes should be selected
  • On right side under Reports: click on Automatically generate report after every scan.
  • Under What to scan select scan every file
  • Click On scan Tab
  • Click on Complete system scan
  • Let the program scan the machine It can take awhile give it time.
  • When scan has finished At bottom of screen click Apply all Actions
  • Click Save report
  • Click Save Report as (Save as window's screen should pop up.)
  • Click desktop
  • Click Save
  • Exit ewido

Reboot back to normal mode

0

HJT Open Uninstall Manager list:


Jardinains!
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
Macromedia Flash Player 8
MakeTorrent v2.0
Media-Codec 4.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft Office XP Professional with FrontPage
mIRC
Mozilla Firefox (1.0PR)
MSConfig CleanUp 1.2
Nero Suite
Norton AntiVirus 2005
Norton AntiVirus 2005 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton WMI Update
Presto! Mr.Photo 3
RealPlayer
Robo-351 USB Camera
Skype 2.0
Solo Antivirus 4.0
Sony Ericsson PC Suite 1.10.161
Sony Ericsson Themes Creator 2.52
SPBBC
Spelling Dictionaries For Adobe Reader Package
Symantec
Symantec Script Blocking Installer
SymNet
TradeAnywhere
TrustIn Contextual
Winamp (remove only)
Windows Media Format Runtime
Windows Media Player 10
WinRAR archiver
Yahoo! Anti-Spy
Yahoo! Install Manager
Yahoo! Messenger
Yahoo! Toolbar for Internet Explorer

=============


Find.bat result is as follows:

Messenger
Google
Yahoo!
Atihant
Microsoft Office
Microsoft ActiveSync
HP Printer
HP
Winamp
Sony Ericsson
mIRC
Windows NT
MSN
MSN Gaming Zone
WindowsUpdate
ComPlus Applications
Movie Maker
microsoft frontpage
xerox
Adobe
POD
WinRAR
Disc2Phone
Ahead
Java
Maketorrent 2
dBpowerAMP
3GP Video Converter
Jardinains!
Skype
Turbo Torrent
Azureus
Mozilla Firefox
Real
All To MP3 Converter
InstallShield Installation Information
Presto! Mr.Photo 3
QuickTime
D-Link
01-mp3search
Media-Codec
DivX
ffdshow
MP3 WAV Converter
ACE-HIGH MP3 WAV WMA OGG Converter
Symantec
Norton AntiVirus


=======

have finished downloading ewido will install n runt it in safe mode....

0

I went through the link but couldnt find any of the registery mentioned.... "trustin contextual" is still displayed in add /remove list...

edwido reports are as follows:

+ Scan result:

C:\Program Files\Yahoo!\YPSR\Quarantine\ppqEB.tmp\trustin.dll -> Adware.Azesearch : No action taken.
C:\System Volume Information\_restore{90296FA8-AFC3-46F5-94F6-A9455B4CCB30}\RP155\A0060292.dll -> Adware.Azesearch : No action taken.
C:\System Volume Information\_restore{90296FA8-AFC3-46F5-94F6-A9455B4CCB30}\RP155\A0061022.dll -> Adware.Azesearch : No action taken.
C:\System Volume Information\_restore{90296FA8-AFC3-46F5-94F6-A9455B4CCB30}\RP157\A0063120.dll -> Adware.Azesearch : No action taken.
C:\System Volume Information\_restore{90296FA8-AFC3-46F5-94F6-A9455B4CCB30}\RP157\A0065190.dll -> Adware.Azesearch : No action taken.
HKLM\SOFTWARE\Classes\Interface\{60D3A642-0B03-46AD-B8B0-8D45989A0055} -> Adware.Generic : No action taken.
HKLM\SOFTWARE\Classes\Interface\{81CDDAE8-3B92-4F0D-86C1-8DD5DB6A8471} -> Adware.Generic : No action taken.
HKLM\SOFTWARE\Classes\Interface\{8C88AAE2-A341-4DE8-B064-062194307E5F} -> Adware.Generic : No action taken.
HKLM\SOFTWARE\Classes\Interface\{C28EB22A-6966-4E4B-8592-E84C28D38402} -> Adware.Generic : No action taken.
HKLM\SOFTWARE\Classes\Media-Codec.Chl -> Adware.Generic : No action taken.
HKLM\SOFTWARE\Classes\Media-Codec.Chl\CLSID -> Adware.Generic : No action taken.
HKLM\SOFTWARE\Classes\TypeLib\{506146FD-9499-49A8-AEDE-692C173B2AA4} -> Adware.Generic : No action taken.
HKLM\SOFTWARE\Classes\TypeLib\{B1C54189-72F0-4353-987B-18FA221BEF09} -> Adware.Generic : No action taken.
HKLM\SOFTWARE\Classes\TypeLib\{EFA1EC0F-8359-41B7-A178-7DD6805A0C79} -> Adware.Generic : No action taken.
HKLM\SOFTWARE\Classes\TypeLib\{FEBB9141-2FF9-4FC8-BA91-1CE79DDE25CF} -> Adware.Generic : No action taken.
HKLM\SOFTWARE\TrustIn Popups -> Adware.Generic : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2.tmp\TrustInPopups.exe -> Adware.Trustin : No action taken.
C:\System Volume Information\_restore{90296FA8-AFC3-46F5-94F6-A9455B4CCB30}\RP153\A0060235.exe -> Adware.Trustin : No action taken.
C:\System Volume Information\_restore{90296FA8-AFC3-46F5-94F6-A9455B4CCB30}\RP155\A0060290.exe -> Adware.Trustin : No action taken.
C:\System Volume Information\_restore{90296FA8-AFC3-46F5-94F6-A9455B4CCB30}\RP155\A0060813.exe -> Adware.Trustin : No action taken.
C:\System Volume Information\_restore{90296FA8-AFC3-46F5-94F6-A9455B4CCB30}\RP157\A0063122.exe -> Adware.Trustin : No action taken.
C:\System Volume Information\_restore{90296FA8-AFC3-46F5-94F6-A9455B4CCB30}\RP157\A0065167.exe -> Adware.Trustin : No action taken.
C:\System Volume Information\_restore{90296FA8-AFC3-46F5-94F6-A9455B4CCB30}\RP153\A0060234.exe -> Downloader.WarSpy.d : No action taken.
C:\System Volume Information\_restore{90296FA8-AFC3-46F5-94F6-A9455B4CCB30}\RP155\A0060279.exe -> Downloader.WarSpy.d : No action taken.
C:\System Volume Information\_restore{90296FA8-AFC3-46F5-94F6-A9455B4CCB30}\RP155\A0060809.exe -> Downloader.WarSpy.d : No action taken.
C:\System Volume Information\_restore{90296FA8-AFC3-46F5-94F6-A9455B4CCB30}\RP156\A0061100.exe -> Downloader.WarSpy.d : No action taken.
C:\System Volume Information\_restore{90296FA8-AFC3-46F5-94F6-A9455B4CCB30}\RP157\A0064160.exe -> Downloader.WarSpy.d : No action taken.
C:\System Volume Information\_restore{90296FA8-AFC3-46F5-94F6-A9455B4CCB30}\RP155\A0060332.dll -> Logger.Banker.bpd : No action taken.
:mozilla.108:C:\Documents and Settings\Gaurav\Application Data\Mozilla\Firefox\Profiles\7ucbmw5j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.109:C:\Documents and Settings\Gaurav\Application Data\Mozilla\Firefox\Profiles\7ucbmw5j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.110:C:\Documents and Settings\Gaurav\Application Data\Mozilla\Firefox\Profiles\7ucbmw5j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq10F.tmp -> TrackingCookie.2o7 : No action taken.
:mozilla.48:C:\Documents and Settings\Gaurav\Application Data\Mozilla\Firefox\Profiles\7ucbmw5j.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.49:C:\Documents and Settings\Gaurav\Application Data\Mozilla\Firefox\Profiles\7ucbmw5j.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.50:C:\Documents and Settings\Gaurav\Application Data\Mozilla\Firefox\Profiles\7ucbmw5j.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\Gaurav\Cookies\gaurav@adbrite[2].txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.26:C:\Documents and Settings\Gaurav\Application Data\Mozilla\Firefox\Profiles\7ucbmw5j.default\cookies.txt -> TrackingCookie.Adjuggler : No action taken.
:mozilla.27:C:\Documents and Settings\Gaurav\Application Data\Mozilla\Firefox\Profiles\7ucbmw5j.default\cookies.txt -> TrackingCookie.Adjuggler : No action taken.
:mozilla.28:C:\Documents and Settings\Gaurav\Application Data\Mozilla\Firefox\Profiles\7ucbmw5j.default\cookies.txt -> TrackingCookie.Adjuggler : No action taken.
:mozilla.69:C:\Documents and Settings\Gaurav\Application Data\Mozilla\Firefox\Profiles\7ucbmw5j.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.70:C:\Documents and Settings\Gaurav\Application Data\Mozilla\Firefox\Profiles\7ucbmw5j.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.71:C:\Documents and Settings\Gaurav\Application Data\Mozilla\Firefox\Profiles\7ucbmw5j.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.72:C:\Documents and Settings\Gaurav\Application Data\Mozilla\Firefox\Profiles\7ucbmw5j.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1E.tmp -> TrackingCookie.Atdmt : No action taken.
:mozilla.32:C:\Documents and Settings\Gaurav\Application Data\Mozilla\Firefox\Profiles\7ucbmw5j.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.33:C:\Documents and Settings\Gaurav\Application Data\Mozilla\Firefox\Profiles\7ucbmw5j.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.36:C:\Documents and Settings\Gaurav\Application Data\Mozilla\Firefox\Profiles\7ucbmw5j.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1F.tmp -> TrackingCookie.Com : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1D.tmp -> TrackingCookie.Doubleclick : No action taken.
:mozilla.55:C:\Documents and Settings\Gaurav\Application Data\Mozilla\Firefox\Profiles\7ucbmw5j.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.56:C:\Documents and Settings\Gaurav\Application Data\Mozilla\Firefox\Profiles\7ucbmw5j.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\Gaurav\Cookies\gaurav@media.fastclick[2].txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.102:C:\Documents and Settings\Gaurav\Application Data\Mozilla\Firefox\Profiles\7ucbmw5j.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.25:C:\Documents and Settings\Gaurav\Application Data\Mozilla\Firefox\Profiles\7ucbmw5j.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3.tmp -> TrackingCookie.Paycounter : No action taken.
:mozilla.104:C:\Documents and Settings\Gaurav\Application Data\Mozilla\Firefox\Profiles\7ucbmw5j.default\cookies.txt -> TrackingCookie.Qksrv : No action taken.
:mozilla.105:C:\Documents and Settings\Gaurav\Application Data\Mozilla\Firefox\Profiles\7ucbmw5j.default\cookies.txt -> TrackingCookie.Qksrv : No action taken.
:mozilla.73:C:\Documents and Settings\Gaurav\Application Data\Mozilla\Firefox\Profiles\7ucbmw5j.default\cookies.txt -> TrackingCookie.Revenue : No action taken.
:mozilla.74:C:\Documents and Settings\Gaurav\Application Data\Mozilla\Firefox\Profiles\7ucbmw5j.default\cookies.txt -> TrackingCookie.Revenue : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqC.tmp -> TrackingCookie.Revenue : No action taken.
C:\Documents and Settings\Gaurav\Cookies\gaurav@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4.tmp -> TrackingCookie.Sextracker : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6.tmp -> TrackingCookie.Sextracker : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD.tmp -> TrackingCookie.Sextracker : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqE.tmp -> TrackingCookie.Sextracker : No action taken.
:mozilla.113:C:\Documents and Settings\Gaurav\Application Data\Mozilla\Firefox\Profiles\7ucbmw5j.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.38:C:\Documents and Settings\Gaurav\Application Data\Mozilla\Firefox\Profiles\7ucbmw5j.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.39:C:\Documents and Settings\Gaurav\Application Data\Mozilla\Firefox\Profiles\7ucbmw5j.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.40:C:\Documents and Settings\Gaurav\Application Data\Mozilla\Firefox\Profiles\7ucbmw5j.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9.tmp -> TrackingCookie.Statcounter : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqF.tmp -> TrackingCookie.Statcounter : No action taken.
:mozilla.61:C:\Documents and Settings\Gaurav\Application Data\Mozilla\Firefox\Profiles\7ucbmw5j.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.62:C:\Documents and Settings\Gaurav\Application Data\Mozilla\Firefox\Profiles\7ucbmw5j.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.63:C:\Documents and Settings\Gaurav\Application Data\Mozilla\Firefox\Profiles\7ucbmw5j.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA.tmp -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.29:C:\Documents and Settings\Gaurav\Application Data\Mozilla\Firefox\Profiles\7ucbmw5j.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq20.tmp -> TrackingCookie.Tribalfusion : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7.tmp -> TrackingCookie.Webtrendslive : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5.tmp -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.52:C:\Documents and Settings\Gaurav\Application Data\Mozilla\Firefox\Profiles\7ucbmw5j.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.53:C:\Documents and Settings\Gaurav\Application Data\Mozilla\Firefox\Profiles\7ucbmw5j.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.54:C:\Documents and Settings\Gaurav\Application Data\Mozilla\Firefox\Profiles\7ucbmw5j.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
C:\Program Files\Media-Codec -> Trojan.Small : No action taken.
C:\Program Files\Media-Codec\uninst.exe -> Trojan.Small : No action taken.


::Report end

0

I went through the link but couldnt find any of the registery mentioned....

That's what this part is referring to;

Print out these instructions as we will need to close every window that is open later in the fix.

Download FixTC.reg to your desktop by right clicking on the following link and then selecting Save Link As or Save File as, depending on your browser.

FixTC.reg Download Link

Confirm that the file FixTC.reg now resides on your desktop as we will need it later.

Please follow the instructions given regarding the use of Ewido. You never instructed Ewido to quarantine what was found. I notice that trustin was found by Ewido, but as you chose for Ewido to do nothing, it is still there.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.