Author Topic: Virus on my desktop  (Read 450 times)

Offline mengskx

« on: September 28, 2006, 09:10:50 PM »
I clicked on something and now I have this file named Renx32.dll on my desktop and I can't delete it. Ever since it got there I can't open my game; it says something about changing the colors to 256, which doesn't make sense.

Logfile of HijackThis v1.99.1
Scan saved at 9:07:45 PM, on 9/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Razer\razerhid.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Razer\razertra.exe
C:\Program Files\Razer\razerofa.exe
C:\Program Files\iTunes\iTunes.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: dlcc_device -   - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
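
A triage pass over a HijackThis log like the one posted above, as an added example that is not part of the original thread or of HijackThis itself. The sample is a constructed subset of the posted log, and the review rules (`triage`, `autorun_target`) are illustrative assumptions that mark entries worth a second look, not verdicts.

```python
import re

# Constructed sample: a subset of the lines in the log posted above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: dlcc_device -   - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
"""

# "<code> - <body>", where code is R0..R3, F0..F3, N1..N4 or O1..O24.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
# O23 body: "Service: <name> - <vendor> - <path>"; the vendor may be blank.
SERVICE_RE = re.compile(
    r"^Service: (?P<name>.+?)\s+-\s*(?P<vendor>.*?)\s*-\s+(?P<path>[A-Za-z]:\\.*)$")
FULL_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')


def parse_log(text):
    """Return (running_processes, [(code, body), ...]) from a HijackThis log."""
    running, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if line:
                running.append(line)
                continue
            in_procs = False  # a blank line ends the process list
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return running, entries


def autorun_target(body):
    """Command part of an O4 entry: after '] ' (Run keys) or ' = ' (shortcuts)."""
    for sep in ("] ", " = "):
        if sep in body:
            return body.split(sep, 1)[1].strip()
    return body


def triage(text):
    """Return [(code, body, [notes])] for entries that deserve manual review."""
    running, entries = parse_log(text)
    running_lower = {p.lower() for p in running}
    findings = []
    for code, body in entries:
        notes = []
        if code == "O4":
            target = autorun_target(body)
            if target == "?":
                notes.append("startup shortcut target unresolved")
            elif not FULL_PATH_RE.match(target):
                notes.append("autorun command has no full path")
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            notes.append("DLL is mapped into every process that loads user32.dll")
        elif code == "O23":
            m = SERVICE_RE.match(body)
            if m and m.group("vendor") in ("", "Unknown owner"):
                notes.append("no vendor string on service binary")
            if m and body.endswith("(file missing)"):
                # Drop the stray quote and arguments, then cross-check the
                # path against the running-process list from the same log.
                exe = m.group("path").split('"', 1)[0].lower()
                if exe in running_lower:
                    notes.append("'file missing' but the path is a running "
                                 "process: likely a quoting artifact")
                else:
                    notes.append("service binary not found at recorded path")
        if notes:
            findings.append((code, body, notes))
    return findings


if __name__ == "__main__":
    for code, body, notes in triage(SAMPLE_LOG):
        print(f"{code}: {body}\n    -> " + "; ".join(notes))
```
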

Offline guestolo

« Reply #1 on: September 29, 2006, 05:17:56 PM »
Can you try the following?
Let's see if we can find what it's related to.
Go to either of these links:
http://virusscan.jotti.org/
OR
http://www.virustotal.com/flash/index_en.html

Use the browse button and navigate to the file on your hard drive
Renx32.dll
Right click on the file and choose Select
Then use the Submit button
Let it finish scanning
Could you post the results of the scan back here please

It may show as 0 bytes if it's in use, but let's see what we see :)

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline mengskx

« Reply #2 on: September 29, 2006, 06:40:58 PM »
Not sure how you wanted the info. I just copied and pasted.


File:      renx32.dll
Status:    
INFECTED/MALWARE
MD5    1ff3fcd76d8b6dd67e0ce69f0492887a
Packers detected:    
-
Scanner results
AntiVir    
Found Heuristic/Malware (probable variant)
ArcaVir    
Found nothing
Avast    
Found nothing
AVG Antivirus    
Found nothing
BitDefender    
Found DeepScan:Generic.Malware.SE!g.1B38E98A
ClamAV    
Found nothing
Dr.Web    
Found MULDROP.Trojan (probable variant)
F-Prot Antivirus    
Found Possibly a new variant of W32/Behavior:SelfStarterInternetTrojan!Maximus
Fortinet    
Found PossibleThreat!010985
Kaspersky Anti-Virus    
Found nothing
NOD32    
Found nothing
Norman Virus Control    
Found nothing
UNA    
Found nothing
VirusBuster    
Found nothing
VBA32    
Found Backdoor.xBot.14 (probable variant)
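
A tally of a multi-engine scan result like the one pasted above, as an added example that is not part of the original thread or of the scanning service. The sample reproduces the posted verdicts with whitespace normalised; the `HEURISTIC_MARKERS` keyword list is an assumption used to separate heuristic or generic labels from exact family names.

```python
# Scanner output in the pasted layout: engine name on one line, verdict on
# the next. Values are taken from the post above, whitespace normalised.
SAMPLE_RESULTS = """\
AntiVir
Found Heuristic/Malware (probable variant)
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found DeepScan:Generic.Malware.SE!g.1B38E98A
ClamAV
Found nothing
Dr.Web
Found MULDROP.Trojan (probable variant)
F-Prot Antivirus
Found Possibly a new variant of W32/Behavior:SelfStarterInternetTrojan!Maximus
Fortinet
Found PossibleThreat!010985
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
UNA
Found nothing
VirusBuster
Found nothing
VBA32
Found Backdoor.xBot.14 (probable variant)
"""

# Assumption: substrings that indicate a heuristic, generic or behavioural
# label rather than a signature for one known sample.
HEURISTIC_MARKERS = ("heuristic", "generic", "probable variant",
                     "possibly", "possiblethreat", "behavior")


def parse_results(text):
    """Map engine name -> verdict string, or None when nothing was found."""
    results, engine = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line.startswith("Found "):
            if engine is None:
                raise ValueError(f"verdict without an engine: {line!r}")
            verdict = line[len("Found "):]
            results[engine] = None if verdict == "nothing" else verdict
            engine = None
        else:
            if engine is not None:
                raise ValueError(f"engine without a verdict: {engine!r}")
            engine = line
    if engine is not None:
        raise ValueError(f"engine without a verdict: {engine!r}")
    return results


def summarize(results):
    """Count detections and split them into heuristic vs exact-name labels."""
    hits = {e: v for e, v in results.items() if v}
    heuristic = sorted(e for e, v in hits.items()
                       if any(m in v.lower() for m in HEURISTIC_MARKERS))
    return {
        "engines": len(results),
        "detections": len(hits),
        "heuristic_only": heuristic,
        "exact_name": sorted(set(hits) - set(heuristic)),
        "clean": sorted(e for e, v in results.items() if v is None),
    }


if __name__ == "__main__":
    s = summarize(parse_results(SAMPLE_RESULTS))
    print(f"{s['detections']}/{s['engines']} engines flagged the file")
    print("heuristic/generic labels:", ", ".join(s["heuristic_only"]))
    print("exact family names:", ", ".join(s["exact_name"]) or "none")
    print("reported clean:", ", ".join(s["clean"]))
```

On this sample every detection carries a heuristic or generic label, and AVG, the resident antivirus visible in the HijackThis log, is among the engines that report the file clean.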

Offline guestolo

« Reply #3 on: September 29, 2006, 09:56:52 PM »
Can we also do the following
The file is definitely bad
Let's see if we uncover anything else
You still have Ewido installed
  • Load Ewido and then click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Close Ewido. Do not run it yet.
Print the rest of these instructions or save them to a text file on desktop

Reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the screen that appears.
Sign in with your normal user account

In safe mode, delete the file on desktop>>

Ewido Scan
  • Then run Ewido and click on the Scanner tab at the top and then click on Complete System Scan.  This scan can take quite a while to run, so be prepared.
  • Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As".  This will create a text file.  Make sure you know where to find this file again (like on the Desktop).
Reboot back to Normal windows
Navigate to
C:\Program Files\HJT\HijackThis.exe
Right click on HijackThis.exe and rename it to
mengskx.exe
Do a fresh scan and save logfile and post a fresh log

Also post the whole report from Ewido please
« Last Edit: September 29, 2006, 09:57:09 PM by guestolo »



Offline mengskx

« Reply #4 on: September 30, 2006, 01:47:20 AM »
I saved the ewido report before I applied all the actions. It deleted everything but the first one, it ignored the first one.

Logfile of HijackThis v1.99.1
Scan saved at 1:42:57 AM, on 9/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Razer\razerhid.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Razer\razertra.exe
C:\Program Files\Razer\razerofa.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HJT\Mengskx.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: dlcc_device -   - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)


---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

 + Created at:   1:37:41 AM 9/30/2006

 + Scan result:   



C:\Program Files\DIGStream\digstream.exe -> Not-A-Virus.Downloader.Win32.DigStream : No action taken.
:mozilla.456:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.250:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.251:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.252:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.253:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.254:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.331:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.332:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.333:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.334:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.335:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.326:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.383:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Bfast : No action taken.
:mozilla.348:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Bridgetrack : No action taken.
:mozilla.287:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Burstbeacon : No action taken.
:mozilla.288:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.289:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.207:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.208:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.209:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.128:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Clickzs : No action taken.
:mozilla.129:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Clickzs : No action taken.
:mozilla.394:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Clickzs : No action taken.
:mozilla.395:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Clickzs : No action taken.
:mozilla.418:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Clickzs : No action taken.
:mozilla.419:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Clickzs : No action taken.
:mozilla.16:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Com : No action taken.
:mozilla.83:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.84:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.85:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.86:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.451:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.452:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.278:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.279:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.280:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.392:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Ne : No action taken.
:mozilla.457:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.327:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.328:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.343:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.344:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.345:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.39:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Revenue : No action taken.
:mozilla.72:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.73:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.74:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.75:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.76:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.116:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.117:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.336:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Sexlist : No action taken.
:mozilla.337:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Sexlist : No action taken.
:mozilla.338:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Sexlist : No action taken.
:mozilla.339:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Sexlist : No action taken.
:mozilla.340:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Sexlist : No action taken.
:mozilla.388:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.389:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.80:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.81:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.319:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Texttbnru : No action taken.
:mozilla.373:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.324:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.325:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.374:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Valueclick : No action taken.
:mozilla.290:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Yadro : No action taken.
:mozilla.87:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.88:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.192:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.193:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.194:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\oir2y72o.default\cookies.txt -> TrackingCookie.Zedo : No action taken.


::Report end

Offline guestolo

« Reply #5 on: September 30, 2006, 09:26:22 AM »
Can you open Hijackthis
Open Misc tools section>>Open "Delete a file on Reboot"
Use the drop down menu beside 'Look in'
Select 'Desktop'

Double click on renx32.dll
Hijackthis should prompt that the file was found and you need to Restart the computer
Allow it to reboot

Let me know if the file is gone



Offline mengskx

« Reply #6 on: September 30, 2006, 01:29:06 PM »
It's not there anymore and my game works. I'm going to try to find that guy who gave it to me and report him, hopefully they can ban him from the server. Thanks for the help.

Offline guestolo

« Reply #7 on: October 01, 2006, 10:31:22 AM »
You're welcome, I'll lock this topic
Take care :)
