help me get rid of unwanted things


Question

Here is a copy of my HijackThis logfile. Can you help by telling me which ones I should delete? Thank you.

Logfile of HijackThis v1.97.7

Scan saved at 8:17:43 AM, on 7/24/2006

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

E:\WINDOWS\System32\smss.exe

E:\WINDOWS\system32\winlogon.exe

E:\WINDOWS\system32\services.exe

E:\WINDOWS\system32\lsass.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\System32\svchost.exe

E:\WINDOWS\system32\spoolsv.exe

E:\WINDOWS\Q3BsLiBGYXR0eQ\command.exe

E:\Program Files\Network Monitor\netmon.exe

E:\WINDOWS\System32\nvsvc32.exe

E:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe

E:\Program Files\Trend Micro\Internet Security\tmproxy.exe

E:\WINDOWS\system32\rundll32.exe

E:\Program Files\Trend Micro\Internet Security\PccPfw.exe

E:\WINDOWS\Explorer.EXE

E:\WINDOWS\System32\RUNDLL32.EXE

E:\Program Files\Hotkey\Hotkey.exe

E:\Program Files\QuickTime\qttask.exe

E:\WINDOWS\System32\mssvcc.exe

C:\dfndred_7.exe

E:\WINDOWS\System32\mssecure.exe

E:\Program Files\Trend Micro\Internet Security\pccguide.exe

E:\Program Files\Trend Micro\Internet Security\PCClient.exe

E:\Program Files\Trend Micro\Internet Security\TMOAgent.exe

E:\Program Files\Messenger\msmsgs.exe

E:\PROGRA~1\COMMON~1\quim\quimm.exe

E:\Documents5120.exe

E:\WINDOWS\System32\svchost.exe

E:\Documents5120.exe

E:\Documents5120.exe

E:\Program Files\DAP\DAP.exe

E:\WINDOWS\System32\wuauclt.exe

E:\WINDOWS\system32\rundll32.exe

E:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Cpl. Fatty\My Documents\Apps\hijackthis.exe

O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - E:\WINDOWS\System32\hgghfgh.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - E:\Program Files\DAP\DAPIEBar.dll

O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - E:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Hotkey] E:\Program Files\Hotkey\Hotkey.exe

O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [msconfig38] mssvcc.exe

O4 - HKLM\..\Run: [Microsoft Telecoms Center] xpfilesys.exe

O4 - HKLM\..\Run: [defender] C:\\dfndred_7.exe

O4 - HKLM\..\Run: [keyboard] C:\\kybrded_7.exe

O4 - HKLM\..\Run: [newname] C:\\nwnmed_7.exe

O4 - HKLM\..\Run: [secures23] mssecure.exe

O4 - HKLM\..\Run: [DownloadAccelerator] E:\PROGRA~1\DAP\DAP.EXE /STARTUP

O4 - HKLM\..\Run: [pccguide.exe] "E:\Program Files\Trend Micro\Internet Security\pccguide.exe"

O4 - HKLM\..\Run: [PCClient.exe] "E:\Program Files\Trend Micro\Internet Security\PCClient.exe"

O4 - HKLM\..\Run: [TM Outbreak Agent] "E:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run

O4 - HKLM\..\RunServices: [msconfig38] mssvcc.exe

O4 - HKLM\..\RunServices: [Microsoft Telecoms Center] xpfilesys.exe

O4 - HKLM\..\RunServices: [secures23] mssecure.exe

O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Microsoft Telecoms Center] xpfilesys.exe

O4 - HKCU\..\Run: [quim] E:\PROGRA~1\COMMON~1\quim\quimm.exe

O4 - HKCU\..\Run: [Winsvr] E:\Documents5120.exe

O4 - HKCU\..\Run: [WinMedia] E:\Documents3072.exe

O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &Download with &DAP - E:\PROGRA~1\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - E:\PROGRA~1\DAP\dapextie2.htm

O9 - Extra button: Run DAP (HKLM)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Zango/ie/b...4a604ce84bc937c

O17 - HKLM\System\CCS\Services\Tcpip\..\{9C63B176-74FB-46C3-9465-58457832EFAC}: NameServer = 203.134.64.66 203.134.65.66


1 answer to this question


E:\WINDOWS\Q3BsLiBGYXR0eQ\command.exe

E:\Program Files\Network Monitor\netmon.exe

C:\dfndred_7.exe

E:\WINDOWS\System32\mssecure.exe

E:\PROGRA~1\COMMON~1\quim\quimm.exe

E:\Documents5120.exe

E:\Documents5120.exe

E:\Documents5120.exe

O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - E:\WINDOWS\System32\hgghfgh.dll

O4 - HKLM\..\Run: [Microsoft Telecoms Center] xpfilesys.exe

O4 - HKLM\..\Run: [defender] C:\\dfndred_7.exe

O4 - HKLM\..\Run: [keyboard] C:\\kybrded_7.exe

O4 - HKLM\..\Run: [newname] C:\\nwnmed_7.exe

O4 - HKLM\..\Run: [secures23] mssecure.exe

O4 - HKLM\..\RunServices: [msconfig38] mssvcc.exe

O4 - HKLM\..\RunServices: [Microsoft Telecoms Center] xpfilesys.exe

O4 - HKLM\..\RunServices: [secures23] mssecure.exe

They're the ones that stand out.

If you Google most of the exes, they come up mostly as spyware/worms.

Basic rule is, if you don't know what a process is, Google the name and someone will have written about it. Just because something's written that it's from Microsoft doesn't necessarily mean it is.

Best bet: don't just untick them; chances are if they're running they'll just put themselves back.

Get some anti-spyware software (Ad-Aware, Spybot, MS Defender; I'm not going to pick one, cos it's a huge debate) and run full scans. Clean out your temp folders, and see what HijackThis comes back with.

Edit: Fixed some grammar :)
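
A sketch of the triage the answer describes, as an added example (not part of the original post and not a HijackThis feature): it parses O4 autorun lines excerpted from the log above and surfaces names to look up first. The two heuristics, the same executable registered under more than one autorun key and an executable sitting directly in a drive root, are assumptions chosen for this log, not rules stated in the answer.

```python
import re
from collections import defaultdict
# O4 autorun lines excerpted from the HijackThis log in the question above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [msconfig38] mssvcc.exe
O4 - HKLM\..\Run: [Microsoft Telecoms Center] xpfilesys.exe
O4 - HKLM\..\Run: [defender] C:\\dfndred_7.exe
O4 - HKLM\..\Run: [secures23] mssecure.exe
O4 - HKLM\..\RunServices: [msconfig38] mssvcc.exe
O4 - HKLM\..\RunServices: [Microsoft Telecoms Center] xpfilesys.exe
O4 - HKLM\..\RunServices: [secures23] mssecure.exe
O4 - HKCU\..\Run: [Microsoft Telecoms Center] xpfilesys.exe
O4 - HKCU\..\Run: [Winsvr] E:\Documents5120.exe
"""
O4_RE = re.compile(r"^O4 - (HK\w+\\\.\.\\\w+): \[([^\]]+)\] (.+)$")

def parse_autoruns(log):
    """Yield (registry_key, value_name, executable) for each O4 registry line."""
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        key, name, cmd = m.groups()
        if cmd.startswith('"'):                      # quoted path with spaces
            exe = cmd[1:].split('"', 1)[0]
        else:                                        # cut at the first ".exe"
            hit = re.match(r"(.*?\.exe)\b", cmd, re.I)
            exe = hit.group(1) if hit else cmd
        # The log doubles some backslashes (C:\\...); normalise before comparing.
        yield key, name, exe.replace("\\\\", "\\").lower()

def triage(log):
    """Return {executable: [reasons]}: names to look up first, not verdicts."""
    keys = defaultdict(set)
    for key, _name, exe in parse_autoruns(log):
        keys[exe].add(key)
    flagged = {}
    for exe, where in keys.items():
        reasons = []
        if len(where) > 1:                           # assumed heuristic 1
            reasons.append("multi-key")
        if re.fullmatch(r"[a-z]:\\[^\\]+", exe):     # assumed heuristic 2
            reasons.append("drive-root")
        if reasons:
            flagged[exe] = reasons
    return flagged

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

On these lines it flags mssvcc.exe, xpfilesys.exe and mssecure.exe as multi-key and the two drive-root executables, while leaving the QuickTime entry alone.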
