Front Office Football Central


GoldenEagle 12-06-2005 12:20 AM

Ping: Spyware experts
 
I have two annoying spyware programs called rundll.exe and rpen.exe. I have run HijackThis and below is my log file. I close these programs out every time I boot the computer up. However, I still find that they come up at random times. Can someone take a look at the logfile and see what needs to be deleted? The programs were not running when I did the scan.

Quote:

Logfile of HijackThis v1.99.1
Scan saved at 12:18:46 AM, on 12/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 66.119.33.134:8000
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.thecfl.net/"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\fu8efekk.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\fu8efekk.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {AC989A12-54FB-7A75-8A64-0CC54F7813E3} - C:\WINDOWS\System32\jxle.dll
O2 - BHO: (no name) - {D2306755-ACB0-460C-B84E-BCF67016C83F} - C:\WINDOWS\System32\ecompstui.dll (file missing)
O3 - Toolbar: (no name) - {520F0E29-3059-4B6D-966F-E96E4462C90B} - (no file)
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [magenify.exe] C:\WINDOWS\System32\magenify.exe
O4 - HKLM\..\Run: [AOL Instant Messanger] aim2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunServices: [AOL Instant Messanger] aim2.exe
O4 - HKCU\..\Run: [regsrv32.exe] regsrv32.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [magenify.exe] C:\WINDOWS\System32\magenify.exe
O4 - HKCU\..\Run: [Jyom] C:\WINDOWS\System32\r?ndll.exe
O4 - HKCU\..\Run: [Usrr] "C:\Program Files\etea\rpen.exe" -vt ndrv
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Coral Eurobet Poker - {050AC5CD-E1E1-41ab-8CE0-61B56EFA7FA1} - C:\Program Files\CoralEurobetPoker\coraleurobetpoker.exe (file missing)
O9 - Extra 'Tools' menuitem: Coral Eurobet Poker - {050AC5CD-E1E1-41ab-8CE0-61B56EFA7FA1} - C:\Program Files\CoralEurobetPoker\coraleurobetpoker.exe (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: PokerNow - {2DB0FBAF-5223-4c96-8C25-F60D5E437D34} - C:\Program Files\Poker Clients\PokerNow\PokerNow.exe
O9 - Extra 'Tools' menuitem: PokerNow - {2DB0FBAF-5223-4c96-8C25-F60D5E437D34} - C:\Program Files\Poker Clients\PokerNow\PokerNow.exe
O9 - Extra button: Intertops Poker - {5706EACE-252A-4af9-AA8D-1F8813B50469} - C:\Program Files\Intertops Poker\IntertopsPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: Intertops Poker - {5706EACE-252A-4af9-AA8D-1F8813B50469} - C:\Program Files\Intertops Poker\IntertopsPoker.exe (file missing)
O9 - Extra button: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Program Files\Poker Clients\MultiPoker\MultiPoker.exe
O9 - Extra 'Tools' menuitem: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Program Files\Poker Clients\MultiPoker\MultiPoker.exe
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra button: Aztec Riches Poker - {7FCF69CA-B1D5-4b13-A6B0-31020DD5A976} - C:\Program Files\aztecrichesMPP\MPPoker.exe (file missing)
O9 - Extra button: Crazy Poker - {8A8A3162-B5FA-4c54-A862-4E62CBE8A255} - C:\Program Files\crazyvegasMPP\MPPoker.exe (file missing)
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\Poker Clients\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\Poker Clients\UltimateBet\UltimateBet.exe
O9 - Extra button: The Gaming Club Poker - {A18AC347-2CA3-4e5d-AB86-33BFC7EEB931} - C:\Program Files\gamingclubMPP\MPPoker.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: bet365 Poker - {B1BA4A3F-1C95-497b-9F82-F8DA4A5C89DD} - C:\Program Files\bet365MPP\MPPoker.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\Poker Clients\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\Poker Clients\PartyPoker\PartyPoker.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing)
O9 - Extra 'Tools' menuitem: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing)
O9 - Extra button: Royal Vegas Poker - {FA4904B4-1FAF-4afd-886C-C19D2297BA62} - C:\Program Files\royalvegasMPP\MPPoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com/start.html
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1132817649218
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/DLhel...7/dlhelper.cab
O18 - Protocol hijack: mhtml -
O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PostgreSQL Database Server 8.0 (pgsql-8.0) - Unknown owner - C:\Program Files\PostgreSQL\8.0\bin\pg_ctl.exe" runservice -N "pgsql-8.0" -D "C:\Program Files\PostgreSQL\8.0\data\ (file missing)
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\System32\RioMSC.exe

Emiliano 12-06-2005 06:43 AM

Damn!!! :eek: You're full.

These

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE

are 100% spywares/trojans. I deleted 'em a lot of times on PCs.

In my opinion the best way to remove this trash is the one that I proposed in this thread, post #7.

If you have doubts/questions just ask, no problem.

EDIT: Mmmhhh... I've just read the entire log. I gotta tell you: in these cases, IMO, it's better to re-format. Too much stuff to clean.

Airhog 12-06-2005 07:05 AM

I don't know what you are thinking but none of those are trojans. They are all in the correct location. Those are necessary system files, and deleting them will cause your machine to not work.

dacman 12-06-2005 07:15 AM

Quote:

Originally Posted by Emiliano
Damn!!! :eek: You're full.

These

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE

are 100% spywares/trojans. I deleted 'em a lot of times on PCs.


So you've permanently disabled lots of PCs, eh? Fucking moron.

I guess I shouldn't complain too much. Dumbasses like you keep me working.

wade moore 12-06-2005 07:19 AM

You guys beat me to it...

Emiliano 12-06-2005 10:46 AM

Quote:

Originally Posted by dacman
So you've permanently disabled lots of PCs, eh? Fucking moron.

I guess I shouldn't complain too much. Dumbasses like you keep me working.

Fucking moron??? Dumbass??? Why are you insulting me??? I've never insulted you. Please, be civil. I was just trying to help...

Anyway, you guys are right: these files are in the right locations. Usually spywares/trojans have the same names as the files above, but they're in the C:\WINDOWS folder and they're not copyrighted by Microsoft. I didn't read correctly. My bad.

sterlingice 12-06-2005 11:15 AM

Yeah, back off the guy. He was trying to help and those are common virus files, if not in those locations.

Man, there's a lot of junk there. Weather bug, Ebates, tons of garbage poker items- do you have these all installed and running?

O4 - HKCU\..\Run: [magenify.exe] C:\WINDOWS\System32\magenify.exe
This one looks suspicious to me- I don't recognize that file. There's a "Magnify.exe" but not magenify.

C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE
This one looks a little out of place but I haven't used Netscape for a while. The only reason I say that is because it's buried 2 deep in directories- but that may be the correct structure. Easy enough to check if that's the correct place by seeing what that file actually is.

SI
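The two checks discussed in the posts above (a system file name sitting in the wrong directory, and a name that is a near-miss of a real Windows binary), written out as an added example; it is not code from anyone in the thread. The expected-directory table and the 0.9 similarity threshold are assumptions chosen for this illustration, and the sample lines are copied from the log in the first post.

```python
import re
from difflib import SequenceMatcher

SYS32 = r"c:\windows\system32"
# Expected directory (lower-cased) for well-known Windows XP binaries.
EXPECTED_DIR = {name: SYS32 for name in (
    "smss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe",
    "spoolsv.exe", "magnify.exe", "regsvr32.exe", "rundll32.exe")}
EXPECTED_DIR["explorer.exe"] = r"c:\windows"

def extract_target(line):
    """Return the executable path (or bare file name) a log line points at."""
    line = re.sub(r"\[[^\]]*\]", "", line)      # drop the [value name] of O4 lines
    m = (re.search(r'[A-Za-z]:\\[^"]*?\.exe', line, re.I)
         or re.search(r'[^\s\\"]+\.exe', line, re.I))
    return m.group(0) if m else None

def classify(target):
    """Label one path: bad-char, wrong-dir, ok, lookalike:<name> or unrecognized."""
    directory, _, name = target.lower().rpartition("\\")
    if "?" in name:
        # '?' is not legal in a Windows file name, so the log could not
        # render a character of the real name.
        return "bad-char"
    if name in EXPECTED_DIR:
        if directory and directory != EXPECTED_DIR[name]:
            return "wrong-dir"
        return "ok"
    for known in sorted(EXPECTED_DIR):
        if SequenceMatcher(None, name, known).ratio() >= 0.9:
            return "lookalike:" + known
    return "unrecognized"

def review(log_text):
    """Map each distinct target in the log to its label, skipping 'ok'."""
    findings = {}
    for line in log_text.splitlines():
        target = extract_target(line)
        if target:
            label = classify(target)
            if label != "ok":
                findings[target] = label
    return findings

# Lines copied from the HijackThis log posted in this thread.
SAMPLE = r'''
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [magenify.exe] C:\WINDOWS\System32\magenify.exe
O4 - HKCU\..\Run: [regsrv32.exe] regsrv32.exe
O4 - HKCU\..\Run: [Jyom] C:\WINDOWS\System32\r?ndll.exe
O4 - HKCU\..\Run: [Usrr] "C:\Program Files\etea\rpen.exe" -vt ndrv
O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
'''

if __name__ == "__main__":
    for path, label in review(SAMPLE).items():
        print(f"{label:24} {path}")
```

An "unrecognized" label only means the name is not in the small table above; it still has to be looked up before anything is removed.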

dacman 12-06-2005 11:49 AM

Quote:

Originally Posted by sterlingice
Yeah, back off the guy. He was trying to help and those are common virus files, if not in those locations.


While they certainly can get infected with viruses, the files themselves are Windows operating system files. Any IT person worth 2 cents would know this. Telling people to delete files off their computer without knowing what the hell you're talking about is going to raise my ire. I've been down that road WAY too many times (cleaning up the mess left afterwards).

sovereignstar 12-06-2005 12:35 PM

Quote:

Originally Posted by dacman
So you've permanently disabled lots of PCs, eh? Fucking moron.

I guess I shouldn't complain too much. Dumbasses like you keep me working.


simmer down, asshole.

GoldenEagle 12-06-2005 12:43 PM

Here is what I am looking at deleting:


R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 66.119.33.134:8000
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O3 - Toolbar: (no name) - {520F0E29-3059-4B6D-966F-E96E4462C90B} - (no file)
O4 - HKCU\..\Run: [Jyom] C:\WINDOWS\System32\r?ndll.exe
O4 - HKCU\..\Run: [Usrr] "C:\Program Files\etea\rpen.exe" -vt ndrv
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)


Here are the files I am not sure about:

O2 - BHO: (no name) - {AC989A12-54FB-7A75-8A64-0CC54F7813E3} - C:\WINDOWS\System32\jxle.dll
O2 - BHO: (no name) - {D2306755-ACB0-460C-B84E-BCF67016C83F} - C:\WINDOWS\System32\ecompstui.dll (file missing)
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [magenify.exe] C:\WINDOWS\System32\magenify.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [magenify.exe] C:\WINDOWS\System32\magenify.exe

Does everything look right? Am I missing anything obvious in the files that I am not sure about? I also had a file named wuaudit that came up every time I booted up the computer. I think Microsoft Anti-spyware got rid of that though.

sterlingice 12-06-2005 12:49 PM

Looks like a good call on most of that stuff.

Nwiz.exe is an nVidia utility so you may want to keep that. Similarly, hpztsb04.exe is an HP deskjet utility.

Everything else in the top section looks good to get deleted. Just make sure you check once you get rid since some come back.

SI

TheOhioStateUniversity 12-06-2005 12:52 PM

Before you go into anything too complicated I would definitely suggest you try Spybot SD and definitely Microsoft Antispyware to clean up what Spybot can't. I would surmise that would solve your problems efficiently.

ozias 12-06-2005 12:59 PM

GE

You should be fine deleting those files.

Also run Ad-Aware and Spybot Search & Destroy on your system. After running them reboot and run SpywareBlaster.

The first 2 will get rid of a lot of spyware, and the third one will keep your system very safe, as it runs in the background, but does use system resources.

The nice thing with HijackThis, if you delete one of those entries you find out you really need, you can have the program put it back.

Another good program is CCleaner, v1.26.218, is the latest version. It can remove a lot of the build up that you have in your registry without having to re-format the HD.

It will scan your system and let you know which items it has found that you may have thought you had removed at an earlier time. Also, the Add/Remove portion of Windows doesn't always remove registry links and CCleaner will let you know which programs didn't get removed properly.

Those 4 programs should keep you spyware free, and since you already have an anti-virus program you should be all set.

John

thetrilogy 12-06-2005 02:57 PM

You need to spend some time on this computer:

In Safe Mode:

Run McAfee Stinger.
Run Ad-Aware SE Personal (with latest updates).
Run HijackThis (with latest version).

**I don't like any poker references. They're all trash. Get rid of them too.

sterlingice 12-06-2005 03:08 PM

Neat- learned a new thing today. Never used CCleaner but now I've got 4 programs (along with Adaware, Spybot, HijackThis) in my "anti-spyware" arsenal.

SI

chinaski 12-06-2005 03:16 PM

GE, have you posted this on hxxp://www.castlecops.biz ? If not, post your HijackThis log in the Spyware, Trojans, Oh My! Forum and you'll get great assistance.

chinaski 12-06-2005 03:23 PM

Quote:

Originally Posted by GoldenEagle
Here is what I am looking at deleting:


R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 66.119.33.134:8000
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O3 - Toolbar: (no name) - {520F0E29-3059-4B6D-966F-E96E4462C90B} - (no file)
O4 - HKCU\..\Run: [Jyom] C:\WINDOWS\System32\r?ndll.exe
O4 - HKCU\..\Run: [Usrr] "C:\Program Files\etea\rpen.exe" -vt ndrv
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)


Here are the files I am not sure about:

O2 - BHO: (no name) - {AC989A12-54FB-7A75-8A64-0CC54F7813E3} - C:\WINDOWS\System32\jxle.dll
O2 - BHO: (no name) - {D2306755-ACB0-460C-B84E-BCF67016C83F} - C:\WINDOWS\System32\ecompstui.dll (file missing)
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [magenify.exe] C:\WINDOWS\System32\magenify.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [magenify.exe] C:\WINDOWS\System32\magenify.exe

Does everything look right? Am I missing anything obvious in the files that I am not sure about? I also had a file named wuaudit that came up every time I booted up the computer. I think Microsoft Anti-spyware got rid of that though.


Delete all the ones you are not sure about except the hpztsb04.exe, that's your HP Printer taskbar utility. The ones you are looking to delete are all ok to delete. Remember though, this only affects the registry, HiJackThis doesn't actually remove the files.

Download Ad-Aware, Spybot S&D, CCleaner, Avast! Antivirus, AVG Antivirus, Ewido Antivirus. Install and update them all in Windows, then reboot into safe mode. Don't leave safe mode until you've run all 6 of those programs. You should be aok after that.

