
Trojan-spy.Win32.Banker.aiw

Discussion in 'Virus & Other Malware Removal' started by Gargantua, Nov 12, 2008.

Thread Status:
Not open for further replies.
  1. Gargantua

    Gargantua Thread Starter

    Joined:
    Nov 12, 2008
    Messages:
    14
    I keep getting this message popping up:

    Windows Firewall has detected unauthorised activity , but unfortunately it cannot help you remove viruses, keyloggers and spyware threats that steal your personal information from you computer. Click here to pick recommended software.

    EDIT: I just noticed that my Windows Firewall was actually not turned ON! I've turned it on now, I'm still getting the message though. This message happens whether or not I'm connected to the internet. I've just timed the message and it appears every 20 minutes.

    Here is a print scr of the actual message:

    http://img139.imageshack.us/my.php?image=trojaalertnu6.jpg


    If I click "protect" button, it opens up an IE window directing me to a software download for spyware killer on this page:

    http://www.defender-review.com/index.php?a=111

    It's called Personal Defender 2009. I don't know if the actual alert is a scam to get people to install the software?

    I've tried Spybot but the message keeps returning. I'm currently running a Norton scan but nothing detected so far (my Norton is a trial version, I didn't upgrade to full version since buying PC last year so the definitions are out of date).

    Any help appreciated.

    SYS Spec:

    Laptop Aspire 5052
    Windows Vista
    2.2 GHz, 4 GB RAM

    Vista
     
  2. Gargantua

    Here is the HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:31:45, on 12/11/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Alarm Me\AlarmMe.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\BySoft FreeRAM\FreeRAM.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Users\sbash22\AppData\Local\Temp\RtkBtMnt.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\conime.exe
    C:\PROGRAM FILES\A-SQUARED FREE\A2FREE.EXE
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\Taskmgr.exe
    C:\Program Files\MXit\MXitPC\MXit.exe
    C:\PROGRA~1\MXit\MXitPC\mxit.exe
    C:\PROGRA~1\MXit\MXitPC\launcher.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 128.232.103.203:3127
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AlarmMe] "C:\Program Files\Alarm Me\AlarmMe.exe" "-h"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [BySoft FreeRAM] C:\Program Files\BySoft FreeRAM\FreeRAM.exe
    O4 - HKCU\..\Run: [dwm] "C:\Users\sbash22\AppData\Roaming\Google\dwm.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O13 - Gopher Prefix:
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A0532C55-9561-4838-982D-2D3C030BCD91}: NameServer = 10.23.0.1
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: eNetHook.dll
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: GtFlashSwitch - OptionNV - C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 10725 bytes
     
  3. Gargantua

    Here is the A2 Log:

    a-squared Free - Version 3.5
    Last update: 12/11/2008 07:13:09

    Scan settings:

    Objects: Memory, Traces, Cookies, C:\, D:\
    Scan archives: On
    Heuristics: On
    ADS Scan: On

    Scan start: 12/11/2008 07:13:59

    C:\Users\sbash22\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt detected: Trace.TrackingCookie.2o7!A2
    C:\Users\sbash22\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt detected: Trace.TrackingCookie.about!A2
    C:\Users\sbash22\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt detected: Trace.TrackingCookie.adtech!A2
    C:\Users\sbash22\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt detected: Trace.TrackingCookie.advertising!A2
    C:\Users\sbash22\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt detected: Trace.TrackingCookie.atdmt!A2
    C:\Users\sbash22\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt detected: Trace.TrackingCookie.bs.serving-sys!A2
    C:\Users\sbash22\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt detected: Trace.TrackingCookie.com!A2
    C:\Users\sbash22\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt detected: Trace.TrackingCookie.questionmarket!A2
    C:\Users\sbash22\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt detected: Trace.TrackingCookie.realmedia!A2
    C:\Users\sbash22\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt detected: Trace.TrackingCookie.rub!A2
    C:\Users\sbash22\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt detected: Trace.TrackingCookie.serving-sys!A2
    C:\Users\sbash22\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt detected: Trace.TrackingCookie.specificclick!A2
    C:\Users\sbash22\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt detected: Trace.TrackingCookie.tribalfusion!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:113 detected: Trace.TrackingCookie.ad.yieldmanager.com!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:114 detected: Trace.TrackingCookie.ad.yieldmanager.com!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:115 detected: Trace.TrackingCookie.ad.yieldmanager.com!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:116 detected: Trace.TrackingCookie.ad.yieldmanager.com!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:118 detected: Trace.TrackingCookie.ad.yieldmanager.com!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:119 detected: Trace.TrackingCookie.ad.yieldmanager.com!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:120 detected: Trace.TrackingCookie.ad.yieldmanager.com!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:131 detected: Trace.TrackingCookie.ad.yieldmanager.com!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:132 detected: Trace.TrackingCookie.ad.yieldmanager.com!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:133 detected: Trace.TrackingCookie.ad.yieldmanager.com!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:138 detected: Trace.TrackingCookie.doubleclick.net!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:195 detected: Trace.TrackingCookie.about.com!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:196 detected: Trace.TrackingCookie.about.com!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:197 detected: Trace.TrackingCookie.about.com!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:198 detected: Trace.TrackingCookie.about.com!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:199 detected: Trace.TrackingCookie.about.com!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:200 detected: Trace.TrackingCookie.about.com!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:201 detected: Trace.TrackingCookie.about.com!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:202 detected: Trace.TrackingCookie.about.com!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:254 detected: Trace.TrackingCookie.www.googleadservices.com!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:261 detected: Trace.TrackingCookie.www.googleadservices.com!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:263 detected: Trace.TrackingCookie.tribalfusion.com!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:264 detected: Trace.TrackingCookie.tribalfusion.com!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:265 detected: Trace.TrackingCookie.tribalfusion.com!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:266 detected: Trace.TrackingCookie.tribalfusion.com!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:290 detected: Trace.TrackingCookie.adopt.euroclick.com!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:315 detected: Trace.TrackingCookie.media!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:315 detected: Trace.TrackingCookie.media.adrevolver.com!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:316 detected: Trace.TrackingCookie.media!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:316 detected: Trace.TrackingCookie.media.adrevolver.com!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:317 detected: Trace.TrackingCookie.media!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:317 detected: Trace.TrackingCookie.media.adrevolver.com!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:319 detected: Trace.TrackingCookie.media!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:319 detected: Trace.TrackingCookie.media.adrevolver.com!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:334 detected: Trace.TrackingCookie.adbrite.com!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:335 detected: Trace.TrackingCookie.adbrite.com!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:336 detected: Trace.TrackingCookie.adbrite.com!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:337 detected: Trace.TrackingCookie.adbrite.com!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:375 detected: Trace.TrackingCookie.www.burstnet.com!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:404 detected: Trace.TrackingCookie.zedo.com!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:405 detected: Trace.TrackingCookie.zedo.com!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:406 detected: Trace.TrackingCookie.zedo.com!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:407 detected: Trace.TrackingCookie.zedo.com!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:408 detected: Trace.TrackingCookie.zedo.com!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:409 detected: Trace.TrackingCookie.zedo.com!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:410 detected: Trace.TrackingCookie.zedo.com!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:411 detected: Trace.TrackingCookie.zedo.com!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:412 detected: Trace.TrackingCookie.rotator.adjuggler.com!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:414 detected: Trace.TrackingCookie.rotator.adjuggler.com!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:415 detected: Trace.TrackingCookie.rotator.adjuggler.com!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:416 detected: Trace.TrackingCookie.rotator.adjuggler.com!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:431 detected: Trace.TrackingCookie.clicktorrent.info!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:432 detected: Trace.TrackingCookie.clicktorrent.info!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:433 detected: Trace.TrackingCookie.clicktorrent.info!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:434 detected: Trace.TrackingCookie.clicktorrent.info!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:435 detected: Trace.TrackingCookie.clicktorrent.info!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:481 detected: Trace.TrackingCookie.thefreedictionary.com!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:511 detected: Trace.TrackingCookie.count!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:511 detected: Trace.TrackingCookie.counter.hitslink!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:511 detected: Trace.TrackingCookie.counter.hitslink.com!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:521 detected: Trace.TrackingCookie.casalemedia.com!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:522 detected: Trace.TrackingCookie.casalemedia.com!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:523 detected: Trace.TrackingCookie.casalemedia.com!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:524 detected: Trace.TrackingCookie.casalemedia.com!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:525 detected: Trace.TrackingCookie.casalemedia.com!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:534 detected: Trace.TrackingCookie.lycos.com!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:535 detected: Trace.TrackingCookie.lycos.com!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:536 detected: Trace.TrackingCookie.lycos.com!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:537 detected: Trace.TrackingCookie.lycos.com!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:566 detected: Trace.TrackingCookie.statse.webtrendslive!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:566 detected: Trace.TrackingCookie.statse.webtrendslive.com!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:587 detected: Trace.TrackingCookie.ad1.clickhype.com!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:599 detected: Trace.TrackingCookie.tag.contextweb.com!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:600 detected: Trace.TrackingCookie.tag.contextweb.com!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:602 detected: Trace.TrackingCookie.tag.contextweb.com!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:638 detected: Trace.TrackingCookie.click.cashengines.com!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:723 detected: Trace.TrackingCookie.www.burstbeacon.com!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:750 detected: Trace.TrackingCookie.eas.apm.emediate.eu!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:754 detected: Trace.TrackingCookie.m.webtrends.com!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:761 detected: Trace.TrackingCookie.www2.addfreestats.com!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:783 detected: Trace.TrackingCookie.adsfac.eu!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:784 detected: Trace.TrackingCookie.adsfac.eu!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:785 detected: Trace.TrackingCookie.adsfac.eu!A2
    C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:786 detected: Trace.TrackingCookie.adsfac.eu!A2
    C:\Program Files\DAEMON Tools Lite\SRSAI.exe detected: Adware.Win32.Shopper.r!A2
    D:\[ 3 ] G A M E S\THIEF 3 - DEADLY SHADOWS Mr.Bean\Addon\Addon.exe detected: Trojan.WinREG.UnaskedFury.a!A2

    Scanned

    Files: 307420
    Traces: 456702
    Cookies: 1173
    Processes: 63

    Found

    Files: 2
    Traces: 0
    Cookies: 97
    Processes: 0
    Registry keys: 0

    Scan end: 12/11/2008 10:14:58
    Scan time: 3:00:59

    D:\[ 3 ] G A M E S\THIEF 3 - DEADLY SHADOWS Mr.Bean\Addon\Addon.exe Deleted Trojan.WinREG.UnaskedFury.a!A2
    C:\Program Files\DAEMON Tools Lite\SRSAI.exe Deleted Adware.Win32.Shopper.r!A2

    Deleted

    Files: 2
    Traces: 0
    Cookies: 0



    I deleted the last 2 already as they were medium and high risk threats but the problem's still happening.
     
  4. Gargantua

    Help much appreciated.
     
  5. Gargantua

    Appreciate any help, I still have this problem after running Spybot, Adaware, Norton.
     

Short URL to this thread: https://techguy.org/768452
