Bla.exe thing ,help please
- Thread starter mechanik303
- Start date
- Status
mechanik303
Baseband Member
- Messages
- 33
thanks
What is the "O1 - Hosts: 65.54.224.250 65.54.224.250" ? and why should i have to remove it?
,n u didnt mention this..what bout this? ..."O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Archivos de programa\TGTSoft\StyleXP\TGT_BHO.dll " ?
i dont use style xp anymore.it expired.then,i remove this?
-post another log? what do u mean? with hijak this?
its gonna be the same....u mean under specific conditions?
-btw,,,,,why the progam is called "Hijack This"?
-do u know BugOff, from the same author? do u recommend it?
-and finally (sorry for asking much)...then u saw something
in the Log, related to the bla.exe of 0 bytes i have in C:?
what do i do with it? what is it then, its origin, and is it a threat?
(says cant delete bla.exe cuz being in use...?!
Thank u!!
What is the "O1 - Hosts: 65.54.224.250 65.54.224.250" ? and why should i have to remove it?
,n u didnt mention this..what bout this? ..."O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Archivos de programa\TGTSoft\StyleXP\TGT_BHO.dll " ?
i dont use style xp anymore.it expired.then,i remove this?
-post another log? what do u mean? with hijak this?
its gonna be the same....u mean under specific conditions?
-btw,,,,,why the progam is called "Hijack This"?
-do u know BugOff, from the same author? do u recommend it?
-and finally (sorry for asking much)...then u saw something
in the Log, related to the bla.exe of 0 bytes i have in C:?
what do i do with it? what is it then, its origin, and is it a threat?
(says cant delete bla.exe cuz being in use...?!
Thank u!!
mechanik303
Baseband Member
- Messages
- 33
oh my gosh ahhh!! "nerver use BugOff"??: . WHY!!! . im using it now,,it s supposed to be something good!! from the author of Hijack this!!!
i run Ad-Aware scan, Clean.
i run Spybot SnD scan, Clean.
im gonna post a new log of Hijack this 1.99 now,,,one sec..
i run Ad-Aware scan, Clean.
i run Spybot SnD scan, Clean.
im gonna post a new log of Hijack this 1.99 now,,,one sec..
mechanik303
Baseband Member
- Messages
- 33
here:
Logfile of HijackThis v1.99.1
Scan saved at 4:12:15, on 20/07/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
F:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe
F:\ARCHIV~1\TWEAKM~1\TMTray.exe
C:\Archivos de programa\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Archivos de programa\ATI Technologies\ATI.ACE\cli.exe
C:\Archivos de programa\ATI Technologies\ATI.ACE\CLI.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Archivos de programa\ATI Technologies\ATI.ACE\cli.exe
F:\HJT199\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.es/0SEESES/SAOS01
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = Windowsupdate.microsoft.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.Windowsupdate.microsoft.com
*.Windowsupdate.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = VÃnculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Archivos de programa\Adobe\Acrobat 7.0 R\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: TweakMASTER PRO Component - {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - F:\ARCHIV~1\TWEAKM~1\TweakBHO.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Archivos de programa\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Zone Labs Client] F:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [TweakMASTER] F:\ARCHIV~1\TWEAKM~1\TMTray.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [KAVPersonal50] F:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [CTSysVol] C:\Archivos de programa\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [ATICCC] "C:\Archivos de programa\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Archivos de programa\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: Add to &LinkFox - res://F:\ARCHIV~1\TWEAKM~1\TweakBHO.dll/IESCRIPT
O8 - Extra context menu item: Download with GetRight - C:\Archivos de programa\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Archivos de programa\GetRight\GRbrowse.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\ARCHIV~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\ARCHIV~1\MESSEN~1\MSMSGS.EXE
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by22fd.bay22.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1097268757108
O16 - DPF: {6A868C04-B942-11D8-8D76-0008C7FF1716} (BanServidorFicherosBPP.DownloadBPP) - https://www.bancaja.es/arq_activex/particulares/BanServidorFicherosBPP.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: kavsvc - Kaspersky Lab - F:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
is it clean, ok now?
then,,,what about bla.exe? what is it? what applic is using it? why can ti delete it,,why is it 0 bytes,,,
thank ya
Logfile of HijackThis v1.99.1
Scan saved at 4:12:15, on 20/07/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
F:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe
F:\ARCHIV~1\TWEAKM~1\TMTray.exe
C:\Archivos de programa\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Archivos de programa\ATI Technologies\ATI.ACE\cli.exe
C:\Archivos de programa\ATI Technologies\ATI.ACE\CLI.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Archivos de programa\ATI Technologies\ATI.ACE\cli.exe
F:\HJT199\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.es/0SEESES/SAOS01
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = Windowsupdate.microsoft.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.Windowsupdate.microsoft.com
*.Windowsupdate.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = VÃnculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Archivos de programa\Adobe\Acrobat 7.0 R\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: TweakMASTER PRO Component - {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - F:\ARCHIV~1\TWEAKM~1\TweakBHO.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Archivos de programa\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Zone Labs Client] F:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [TweakMASTER] F:\ARCHIV~1\TWEAKM~1\TMTray.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [KAVPersonal50] F:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [CTSysVol] C:\Archivos de programa\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [ATICCC] "C:\Archivos de programa\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Archivos de programa\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: Add to &LinkFox - res://F:\ARCHIV~1\TWEAKM~1\TweakBHO.dll/IESCRIPT
O8 - Extra context menu item: Download with GetRight - C:\Archivos de programa\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Archivos de programa\GetRight\GRbrowse.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\ARCHIV~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\ARCHIV~1\MESSEN~1\MSMSGS.EXE
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by22fd.bay22.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1097268757108
O16 - DPF: {6A868C04-B942-11D8-8D76-0008C7FF1716} (BanServidorFicherosBPP.DownloadBPP) - https://www.bancaja.es/arq_activex/particulares/BanServidorFicherosBPP.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: kavsvc - Kaspersky Lab - F:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
is it clean, ok now?
then,,,what about bla.exe? what is it? what applic is using it? why can ti delete it,,why is it 0 bytes,,,
thank ya
mechanik303
Baseband Member
- Messages
- 33
ok, now bla.exe is deleted, everything seems ok-
i have hjt clean log,
thanks
but ..i wonder why using Bugoff is a bad idea...
cya
i have hjt clean log,
thanks
but ..i wonder why using Bugoff is a bad idea...
cya
- Status
Similar threads
