# Trojan-spy.Win32.Banker.aiw



## Gargantua

I keep getting this message popping up:

_Windows Firewall has detected unauthorised activity , but unfortunately it cannot help you remove viruses, keyloggers and spyware threats that steal your personal information from you computer. Click here to pick recommended software._

EDIT: I just noticed that my Windows Firewall was actually not turned ON! I've turned it on now, I'm still getting the message though. This message happens whether or not I'm connected to the internet. I've just timed the message and it appears every 20 minutes.

Here is a print screen of the actual message:

http://img139.imageshack.us/my.php?image=trojaalertnu6.jpg

If I click the "protect" button, it opens up an IE window directing me to a software download for a spyware killer on this page:

http://www.defender-review.com/index.php?a=111

It's called Personal Defender 2009. I don't know if the actual alert is a scam to get people to install the software?

I've tried Spybot but the message keeps returning. I'm currently running a Norton scan but nothing has been detected so far (my Norton is a trial version; I didn't upgrade to the full version since buying the PC last year, so the definitions are out of date).

Any help appreciated.

SYS Spec:

Laptop Aspire 5052
Windows Vista
2.2 GHz, 4 GB RAM



----------



## Gargantua

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:31:45, on 12/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Alarm Me\AlarmMe.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\BySoft FreeRAM\FreeRAM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\sbash22\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
C:\PROGRAM FILES\A-SQUARED FREE\A2FREE.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\MXit\MXitPC\MXit.exe
C:\PROGRA~1\MXit\MXitPC\mxit.exe
C:\PROGRA~1\MXit\MXitPC\launcher.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 128.232.103.203:3127
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AlarmMe] "C:\Program Files\Alarm Me\AlarmMe.exe" "-h"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BySoft FreeRAM] C:\Program Files\BySoft FreeRAM\FreeRAM.exe
O4 - HKCU\..\Run: [dwm] "C:\Users\sbash22\AppData\Roaming\Google\dwm.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O13 - Gopher Prefix: 
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0532C55-9561-4838-982D-2D3C030BCD91}: NameServer = 10.23.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: GtFlashSwitch - OptionNV - C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10725 bytes


----------



## Gargantua

Here is the A2 Log:

a-squared Free - Version 3.5
Last update: 12/11/2008 07:13:09

Scan settings:

Objects: Memory, Traces, Cookies, C:\, D:\
Scan archives: On
Heuristics: On
ADS Scan: On

Scan start: 12/11/2008 07:13:59

C:\Users\sbash22\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt detected: Trace.TrackingCookie.2o7!A2
C:\Users\sbash22\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt detected: Trace.TrackingCookie.about!A2
C:\Users\sbash22\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt detected: Trace.TrackingCookie.adtech!A2
C:\Users\sbash22\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt detected: Trace.TrackingCookie.advertising!A2
C:\Users\sbash22\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt detected: Trace.TrackingCookie.atdmt!A2
C:\Users\sbash22\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt detected: Trace.TrackingCookie.bs.serving-sys!A2
C:\Users\sbash22\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt detected: Trace.TrackingCookie.com!A2
C:\Users\sbash22\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt detected: Trace.TrackingCookie.questionmarket!A2
C:\Users\sbash22\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt detected: Trace.TrackingCookie.realmedia!A2
C:\Users\sbash22\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt detected: Trace.TrackingCookie.rub!A2
C:\Users\sbash22\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt detected: Trace.TrackingCookie.serving-sys!A2
C:\Users\sbash22\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt detected: Trace.TrackingCookie.specificclick!A2
C:\Users\sbash22\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt detected: Trace.TrackingCookie.tribalfusion!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:113 detected: Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:114 detected: Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:115 detected: Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:116 detected: Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:118 detected: Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:119 detected: Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:120 detected: Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:131 detected: Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:132 detected: Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:133 detected: Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:138 detected: Trace.TrackingCookie.doubleclick.net!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:195 detected: Trace.TrackingCookie.about.com!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:196 detected: Trace.TrackingCookie.about.com!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:197 detected: Trace.TrackingCookie.about.com!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:198 detected: Trace.TrackingCookie.about.com!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:199 detected: Trace.TrackingCookie.about.com!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:200 detected: Trace.TrackingCookie.about.com!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:201 detected: Trace.TrackingCookie.about.com!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:202 detected: Trace.TrackingCookie.about.com!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:254 detected: Trace.TrackingCookie.www.googleadservices.com!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:261 detected: Trace.TrackingCookie.www.googleadservices.com!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:263 detected: Trace.TrackingCookie.tribalfusion.com!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:264 detected: Trace.TrackingCookie.tribalfusion.com!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:265 detected: Trace.TrackingCookie.tribalfusion.com!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:266 detected: Trace.TrackingCookie.tribalfusion.com!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:290 detected: Trace.TrackingCookie.adopt.euroclick.com!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:315 detected: Trace.TrackingCookie.media!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:315 detected: Trace.TrackingCookie.media.adrevolver.com!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:316 detected: Trace.TrackingCookie.media!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:316 detected: Trace.TrackingCookie.media.adrevolver.com!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:317 detected: Trace.TrackingCookie.media!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:317 detected: Trace.TrackingCookie.media.adrevolver.com!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:319 detected: Trace.TrackingCookie.media!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:319 detected: Trace.TrackingCookie.media.adrevolver.com!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:334 detected: Trace.TrackingCookie.adbrite.com!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:335 detected: Trace.TrackingCookie.adbrite.com!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:336 detected: Trace.TrackingCookie.adbrite.com!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:337 detected: Trace.TrackingCookie.adbrite.com!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:375 detected: Trace.TrackingCookie.www.burstnet.com!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:404 detected: Trace.TrackingCookie.zedo.com!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:405 detected: Trace.TrackingCookie.zedo.com!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:406 detected: Trace.TrackingCookie.zedo.com!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:407 detected: Trace.TrackingCookie.zedo.com!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:408 detected: Trace.TrackingCookie.zedo.com!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:409 detected: Trace.TrackingCookie.zedo.com!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:410 detected: Trace.TrackingCookie.zedo.com!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:411 detected: Trace.TrackingCookie.zedo.com!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:412 detected: Trace.TrackingCookie.rotator.adjuggler.com!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:414 detected: Trace.TrackingCookie.rotator.adjuggler.com!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:415 detected: Trace.TrackingCookie.rotator.adjuggler.com!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:416 detected: Trace.TrackingCookie.rotator.adjuggler.com!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:431 detected: Trace.TrackingCookie.clicktorrent.info!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:432 detected: Trace.TrackingCookie.clicktorrent.info!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:433 detected: Trace.TrackingCookie.clicktorrent.info!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:434 detected: Trace.TrackingCookie.clicktorrent.info!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:435 detected: Trace.TrackingCookie.clicktorrent.info!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:481 detected: Trace.TrackingCookie.thefreedictionary.com!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:511 detected: Trace.TrackingCookie.count!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:511 detected: Trace.TrackingCookie.counter.hitslink!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:511 detected: Trace.TrackingCookie.counter.hitslink.com!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:521 detected: Trace.TrackingCookie.casalemedia.com!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:522 detected: Trace.TrackingCookie.casalemedia.com!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:523 detected: Trace.TrackingCookie.casalemedia.com!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:524 detected: Trace.TrackingCookie.casalemedia.com!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:525 detected: Trace.TrackingCookie.casalemedia.com!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:534 detected: Trace.TrackingCookie.lycos.com!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:535 detected: Trace.TrackingCookie.lycos.com!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:536 detected: Trace.TrackingCookie.lycos.com!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:537 detected: Trace.TrackingCookie.lycos.com!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:566 detected: Trace.TrackingCookie.statse.webtrendslive!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:566 detected: Trace.TrackingCookie.statse.webtrendslive.com!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:587 detected: Trace.TrackingCookie.ad1.clickhype.com!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:599 detected: Trace.TrackingCookie.tag.contextweb.com!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:600 detected: Trace.TrackingCookie.tag.contextweb.com!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:602 detected: Trace.TrackingCookie.tag.contextweb.com!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:638 detected: Trace.TrackingCookie.click.cashengines.com!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:723 detected: Trace.TrackingCookie.www.burstbeacon.com!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:750 detected: Trace.TrackingCookie.eas.apm.emediate.eu!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:754 detected: Trace.TrackingCookie.m.webtrends.com!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:761 detected: Trace.TrackingCookie.www2.addfreestats.com!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:783 detected: Trace.TrackingCookie.adsfac.eu!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:784 detected: Trace.TrackingCookie.adsfac.eu!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:785 detected: Trace.TrackingCookie.adsfac.eu!A2
C:\Users\sbash22\AppData\Roaming\Mozilla\Firefox\Profiles\309wy1ap.default\cookies.txt:786 detected: Trace.TrackingCookie.adsfac.eu!A2
C:\Program Files\DAEMON Tools Lite\SRSAI.exe detected: Adware.Win32.Shopper.r!A2
D:\[ 3 ] G A M E S\THIEF 3 - DEADLY SHADOWS Mr.Bean\Addon\Addon.exe detected: Trojan.WinREG.UnaskedFury.a!A2

Scanned

Files: 307420
Traces: 456702
Cookies: 1173
Processes: 63

Found

Files: 2
Traces: 0
Cookies: 97
Processes: 0
Registry keys: 0

Scan end: 12/11/2008 10:14:58
Scan time: 3:00:59

D:\[ 3 ] G A M E S\THIEF 3 - DEADLY SHADOWS Mr.Bean\Addon\Addon.exe Deleted Trojan.WinREG.UnaskedFury.a!A2
C:\Program Files\DAEMON Tools Lite\SRSAI.exe Deleted Adware.Win32.Shopper.r!A2

Deleted

Files: 2
Traces: 0
Cookies: 0

I deleted the last 2 already as they were medium and high risk threats but the problem's still happening.


----------



## Gargantua

Help much appreciated.


----------



## Gargantua

Appreciate any help, I still have this problem after running Spybot, Adaware, Norton.


----------

