
killah.exe???

Discussion in 'Windows XP' started by fiftyone, Apr 22, 2004.

Thread Status:
Not open for further replies.
  1. fiftyone

    fiftyone Thread Starter

    Joined:
    Apr 22, 2004
    Messages:
    6
    I was searching through my WINDOWS folder today because I was helping out a friend with all kinds of spyware on his sys, and I came across this file and was curious as to whether anyone knows what it is. killah.exe is the full name. It doesn't show on S&D or HJT or AdAware... so I was just curious.
     
  2. fiftyone

    fiftyone Thread Starter

    Joined:
    Apr 22, 2004
    Messages:
    6
    Also, I know this is totally off topic but I've been itching to ask someone... I get bombarded with spam in my email acct... I have a COX cable account in SoCal. I've tried to remove, block, etc., with no success whatsoever. I dunno where it came from and it's the same crap over and over and over... wondering if someone could help me with that. Sorry if this is posted in the wrong forum.
     
  3. fiftyone

    fiftyone Thread Starter

    Joined:
    Apr 22, 2004
    Messages:
    6
    OK, I double-clicked it, which was probably a mistake, and in my Task Manager actalert.exe, install.exe, optimize.exe, and some other exe started running... I'm guessing it's not good stuff.
     
  4. thegreatone

    thegreatone

    Joined:
    Jan 10, 2003
    Messages:
    210
  5. fiftyone

    fiftyone Thread Starter

    Joined:
    Apr 22, 2004
    Messages:
    6
    Thanks dude. I didn't really have a problem but I came across it helping my friend. I got it squared away I think, though. Here's my latest log.

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
    C:\Program Files\Stardock\WinCustomize\CursorXP\CursorXP.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\Masta Killa\Desktop\DT\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by .::Cu3eD::.
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.yahoo.com/
    O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [CursorXP] C:\Program Files\Stardock\WinCustomize\CursorXP\CursorXP.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_41.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37897.3861458333
    O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by7fd.bay7.hotmail.msn.com/activex/HMAtchmt.ocx
     
  6. fiftyone

    fiftyone Thread Starter

    Joined:
    Apr 22, 2004
    Messages:
    6
    removed twaintec.dll
     
  7. thegreatone

    thegreatone

    Joined:
    Jan 10, 2003
    Messages:
    210
    It looks OK to me. There's nothing there that I would remove. The twaintec.dll I wasn't sure about, but you already removed it, so everything else looks good. Someone with more experience may pick up something, but to the best of my knowledge it looks good.
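
The log posted earlier in the thread uses HijackThis's `code - detail` line format. As an added example (not part of the original thread and not HijackThis's own code), this Python parser reads a few lines copied from that log and lists unnamed O2 (BHO) entries whose DLL sits directly in the Windows directory, for manual review. The function names and the review heuristic are assumptions made for illustration, not a verdict on any file.

```python
import re
from ntpath import dirname, normcase

# A few lines copied from the log posted in the thread above.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\Stardock\WinCustomize\CursorXP\CursorXP.exe
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")          # e.g. "O2 - ..."
BHO = re.compile(r"^BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
RUN = re.compile(r"^(HK\w+)\\\.\.\\Run: \[(.+?)\] (.+)$")


def parse_hjt(log):
    """Return one dict per recognised log line: section code plus parsed fields."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # running-process list, blank lines, headers
        code, rest = m.groups()
        entry = {"code": code, "raw": rest}
        if code == "O2" and (b := BHO.match(rest)):
            entry.update(name=b[1], clsid=b[2], path=b[3])
        elif code == "O4" and (r := RUN.match(rest)):
            entry.update(hive=r[1], name=r[2], command=r[3])
        entries.append(entry)
    return entries


def bho_review_list(entries, windir=r"C:\WINDOWS"):
    """Assumed heuristic: unnamed BHOs whose DLL sits directly in windir."""
    return [e["path"] for e in entries
            if e["code"] == "O2" and e.get("name") == "(no name)"
            and normcase(dirname(e["path"])) == normcase(windir)]


if __name__ == "__main__":
    for path in bho_review_list(parse_hjt(SAMPLE_LOG)):
        print("review manually:", path)
```
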
     
  8. fiftyone

    fiftyone Thread Starter

    Joined:
    Apr 22, 2004
    Messages:
    6

Short URL to this thread: https://techguy.org/222842
