TheTechGuide Forum

General Category => Tech Clinic => Topic started by: mengskx on September 28, 2006, 09:10:50 PM

Title: Virus on my desktop
Post by: mengskx on September 28, 2006, 09:10:50 PM
I clicked on something, now I have this file named Renx32.dll on my desktop and I can't delete it. Ever since it got there I can't open my game, it says something about changing the colors to 256 which doesn't make sense.

Logfile of HijackThis v1.99.1
Scan saved at 9:07:45 PM, on 9/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Razer\razerhid.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Razer\razertra.exe
C:\Program Files\Razer\razerofa.exe
C:\Program Files\iTunes\iTunes.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: dlcc_device -   - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
Title: Virus on my desktop
Post by: guestolo on September 29, 2006, 05:17:56 PM
Can you try the following
Let's see if we can find what it's related to
Go to either of these links
http://virusscan.jotti.org/
OR
http://www.virustotal.com/flash/index_en.html

Use the browse button and navigate to the file on your hard drive
Renx32.dll
Right click on the file and choose Select
Then use the Submit button
Let it finish scanning
Could you post the results of the scan back here please

It may show as 0 bytes if in use, but let's see what we see :)
Title: Virus on my desktop
Post by: mengskx on September 29, 2006, 06:40:58 PM
Not sure how you wanted the info. I just copy and pasted.


File:              renx32.dll
Status:            INFECTED/MALWARE
MD5:               1ff3fcd76d8b6dd67e0ce69f0492887a
Packers detected:  -

Scanner results
AntiVir                 Found Heuristic/Malware (probable variant)
ArcaVir                 Found nothing
Avast                   Found nothing
AVG Antivirus           Found nothing
BitDefender             Found DeepScan:Generic.Malware.SE!g.1B38E98A
ClamAV                  Found nothing
Dr.Web                  Found MULDROP.Trojan (probable variant)
F-Prot Antivirus        Found Possibly a new variant of W32/Behavior:SelfStarterInternetTrojan!Maximus
Fortinet                Found PossibleThreat!010985
Kaspersky Anti-Virus    Found nothing
NOD32                   Found nothing
Norman Virus Control    Found nothing
UNA                     Found nothing
VirusBuster             Found nothing
VBA32                   Found Backdoor.xBot.14 (probable variant)
Title: Virus on my desktop
Post by: guestolo on September 29, 2006, 09:56:52 PM
Can we also do the following
The file is definitely bad
Let's see if we uncover anything else
You still have Ewido installed
Print the rest of these instructions or save them to a text file on desktop

Reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the screen that appears.
Sign in with your normal user account

In safe mode, delete the file on desktop>>

Ewido Scan
Reboot back to Normal windows
Navigate to
C:\Program Files\HJT\HijackThis.exe
Right click on HijackThis.exe and rename it to
mengskx.exe
Do a fresh scan and save logfile and post a fresh log

Also post the whole report from Ewido's please
Title: Virus on my desktop
Post by: mengskx on September 30, 2006, 01:47:20 AM
I saved the ewido report before I applied all the actions. It deleted everything but the first one, it ignored the first one.

Logfile of HijackThis v1.99.1
Scan saved at 1:42:57 AM, on 9/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Razer\razerhid.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Razer\razertra.exe
C:\Program Files\Razer\razerofa.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HJT\Mengskx.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: dlcc_device -   - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)


---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

 + Created at:   1:37:41 AM 9/30/2006

 + Scan result:   



C:\Program Files\DIGStream\digstream.exe -> Not-A-Virus.Downloader.Win32.DigStream : No action taken.


::Report end
Title: Virus on my desktop
Post by: guestolo on September 30, 2006, 09:26:22 AM
Can you open Hijackthis
Open Misc tools section>>Open "Delete a file on Reboot"
Use the drop down menu beside 'Look in'
Select 'Desktop'

Double click on renx32.dll
Hijackthis should prompt that the file was found and you need to Restart the computer
Allow it to reboot

Let me know if the file is gone
Title: Virus on my desktop
Post by: mengskx on September 30, 2006, 01:29:06 PM
It's not there anymore and my game works. I'm going to try to find that guy who gave it to me and report him, hopefully they can ban him from the server. Thanks for the help.
Title: Virus on my desktop
Post by: guestolo on October 01, 2006, 10:31:22 AM
You're welcome, I'll lock this topic
Take care :)