WIN32/TRUSTINBAR

Guest

The following report was received after running Windows Defender. The problem
is, this error keeps reappearing.

Category:
Adware

Description:
This program displays advertisements and may be delivered through
unsolicited installation.

Advice:
Remove this software immediately.

Resources:
clsid:
HKLM\Software\Classes\CLSID\{3AAC4C68-AFC8-11DB-80EF-8AF955D89593}

regkey:
HKLM\SOFTWARE\CLASSES\TYPELIB\{15ed39f0-afc8-11db-abbd-0800200c9a66}\1.0

regkey:
HKLM\Software\Classes\CLSID\{3AAC4C68-AFC8-11DB-80EF-8AF955D89593}

typelibversion:
HKLM\SOFTWARE\CLASSES\TYPELIB\{15ed39f0-afc8-11db-abbd-0800200c9a66}\1.0

typelib:
HKLM\SOFTWARE\CLASSES\TYPELIB\{15ed39f0-afc8-11db-abbd-0800200c9a66}

file:
C:\Program Files\TrustIn Contextual\trustincontext.dll

clsid:
HKLM\SOFTWARE\CLASSES\CLSID\{3AAC4C68-AFC8-11DB-80EF-8AF955D89593}

regkey:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3AAC4C68-AFC8-11DB-80EF-8AF955D89593}

regkey:
HKLM\SOFTWARE\CLASSES\CLSID\{3AAC4C68-AFC8-11DB-80EF-8AF955D89593}

bho:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3AAC4C68-AFC8-11DB-80EF-8AF955D89593}

clsid:
HKLM\Software\Classes\CLSID\{0edc6c20-a31c-11db-8ab9-0800200c9a66}

regkey:
HKLM\SOFTWARE\CLASSES\TYPELIB\{ebc8ee20-a31b-11db-8ab9-0800200c9a66}\1.0

regkey:
HKLM\Software\Classes\CLSID\{0edc6c20-a31c-11db-8ab9-0800200c9a66}

typelibversion:
HKLM\SOFTWARE\CLASSES\TYPELIB\{ebc8ee20-a31b-11db-8ab9-0800200c9a66}\1.0

typelib:
HKLM\SOFTWARE\CLASSES\TYPELIB\{ebc8ee20-a31b-11db-8ab9-0800200c9a66}

file:
C:\WINDOWS\system32\basesrvb.dll

clsid:
HKLM\SOFTWARE\CLASSES\CLSID\{0edc6c20-a31c-11db-8ab9-0800200c9a66}

regkey:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0edc6c20-a31c-11db-8ab9-0800200c9a66}

regkey:
HKLM\SOFTWARE\CLASSES\CLSID\{0edc6c20-a31c-11db-8ab9-0800200c9a66}

bho:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0edc6c20-a31c-11db-8ab9-0800200c9a66}

Summary:
Application Registration change occurred.

This agent monitors the various ways which permit a program, script, or
executable to be started independent of an application.

Checkpoint:
Class IDs
 
Guest

Any clues in the System events log you can see?

BHO (Browser Helper Object): A plugin that automatically runs along with
the Internet browser, adding to its functionality. Some are used for
malicious ends, such as monitoring the web pages viewed by users.

If you are running SP2, open IE--->Tools--->Manage Add-ons, and uncheck any
BHO's that you don't recognize.

http://inetexplorer.mvps.org/data/addons.htm

You can also use the System Explorers in Microsoft Antispyware to look at
BHO's and block them--it also shows known and unknown for BHO's.

http://www.microsoft.com/windowsxp/using/web/sp2_addonmanager.mspx .

Download the following and run a thorough scan in safe mode:

Ad-Aware - http://www.lavasoftusa.com
'Use custom scanning options' and leaving things checked nets a far more
comprehensive scan than the default 'Smart system scan' choice.

Spybot S&D - http://www.safer-networking.org/
I would suggest staying on the side of caution... Make certain not to
select any of the permanent protection for Spybot, as this can interfere with
WD Real-time Protection.

These two programs are a "must have" on every computer.


There is an excellent BHO available - `McAfee Site Advisor` which will give
you fair warning when you are about to visit a dangerous site. When you
search Google/MSN/Yahoo all links are highlighted in a colour code according to
danger levels. If you see red for example - don't even go there. If, on the
other hand, you are just surfing the unobtrusive button will give you fair
warning by changing to the appropriate colour. There is also a reporting
mechanism of dubious sites which are then investigated and added to the
database. BTW it's free and I have no financial interest ;)


HijackThis is ToolBarCop plus more. HijackThis is a tool which is normally
used only when other tools like SpyBot S&D or AdAware cannot find a solution
to your spyware/adware/malware problem. HijackThis searches in some key areas
of the system and Windows registry. These key areas are used by both
legitimate and illegal software. HijackThis searches and lists running
processes, default URLs, search URLs of IE, IE toolbars, winsock hijackers,
BHOs, ActiveX components, non-Microsoft services and more.

http://www.spywareinfo.com/~merijn

Get HijackThis.exe from
http://tomcoyote.org/hjt/hjt199//HijackThis.exe

Save it to C:\hjt (new folder) then Open it and select
Scan and Save Log. Note where you saved the log then
send it to him as an attachment. Put Hijack in the subject
so he'll know it's not spam.

Alternatively you can post it on the Dell Forum at:

http://forums.us.dell.com/supportforums/board?board.id=si_hijack

(if it wraps you can go to:

http://tinyurl.com/ckuzq instead.)

Put Ron in the subject so he will see it. You do not need
to have a Dell to post but you will need to register.

Ron Kinner
Microsoft MVP 2004 & 2005
(e-mail address removed)


I hope this post is helpful.

Let us know how it works out.

Good luck
--


HAPPINESS
Eat with the Rich, but go to play with the Poor, who are capable of Joy.
-----Logan Pearsall Smith
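
Added example, not part of the original posts: a PowerShell sketch that lists the machine-wide Browser Helper Object keys of the kind shown in the Defender report and resolves each CLSID to the DLL registered for it. It assumes PowerShell 3.0 or later and that the DLL is registered under the standard COM `InprocServer32` subkey; the second registry view only exists on 64-bit Windows and is skipped otherwise.

```powershell
# Added example: list machine-wide Browser Helper Objects and the DLL behind each.
# Each pair is (BHO list key, CLSID registration root); the second pair is the
# 32-bit view on 64-bit Windows and is skipped when it does not exist.
$views = @(
    @{ Bho   = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'HKLM:\Software\Classes\CLSID' },
    @{ Bho   = 'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'HKLM:\Software\Classes\Wow6432Node\CLSID' }
)

$report = foreach ($view in $views) {
    if (-not (Test-Path -LiteralPath $view.Bho)) { continue }

    foreach ($entry in Get-ChildItem -LiteralPath $view.Bho) {
        $clsid    = $entry.PSChildName                 # the {GUID} subkey name
        $classKey = "$($view.Clsid)\$clsid"
        $name = $null
        $dll  = $null

        if (Test-Path -LiteralPath $classKey) {
            # Default value of the CLSID key is the component's friendly name.
            $name   = (Get-Item -LiteralPath $classKey).GetValue('')
            $inproc = "$classKey\InprocServer32"
            if (Test-Path -LiteralPath $inproc) {
                # Default value of InprocServer32 is the DLL the browser loads.
                $dll = (Get-Item -LiteralPath $inproc).GetValue('')
                if ($dll) { $dll = $dll.Trim('"') }
            }
        }

        $fileFound = [bool]$dll -and (Test-Path -LiteralPath $dll -PathType Leaf)
        [pscustomobject]@{
            Clsid     = $clsid
            Name      = $name
            Dll       = $dll
            FileFound = $fileFound
            # Authenticode status of the DLL, when the file is present.
            Signature = if ($fileFound) {
                            (Get-AuthenticodeSignature -LiteralPath $dll).Status
                        } else { 'n/a' }
        }
    }
}

$report | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt. Rows where `FileFound` is false are leftover registrations, and rows with an unsigned or unfamiliar DLL are the ones to compare against the paths in the scan report.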
 
Alan D

Spybot S&D - http://www.safer-networking.org/
I would suggest staying on the side of caution... Make certain not to
select any of the permanent protection for Spybot, as this can interfere
with WD Real-time Protection.

I've only just noticed this advice. Is there really a potential conflict
here? I've had the Spybot 'permanent protection' enabled for months and
haven't noticed any signs of interference with Defender's RTP.
And if this were so, wouldn't there be a potential conflict with
SpywareBlaster as well?
 
