Hijackthis Log

Posted on 2006-05-31
Last Modified: 2008-02-01
Windowsxp svc pack 2

Having IE issues, pages hanging, IE shutting down suddenly.  Ran Hijackthis but don't know what I can delete from the log - below is a copy.

Logfile of HijackThis v1.97.7
Scan saved at 11:19:52 AM, on 5/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\ORL\VNC\WinVNC.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe
\srvmcsfire\Installs\Applications\Workstations\Virus tools\HijackThis.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Manchester Community Schools
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =;<local>;localhost
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\ORL\VNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: MUSICMATCH MX Web Player (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {03A89EFD-E023-8000-A22D-45F77558EB4C} (ILINCInstall80 Class) -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain =
O17 - HKLM\Software\..\Telephony: DomainName =
O17 - HKLM\System\CCS\Services\Tcpip\..\{B295D8CB-90B8-48C2-AE4C-68151CB4072F}: NameServer =,
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain =
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain =

Question by:manch03
    LVL 97

    Expert Comment

    Greetings, manch03 !

    I will look at your HijackThis log. But the problem could be a program interfering with IE or a corrupted IE file.

    1. Disable third party extensions. With IE open, go to Tools > Options > Advanced. Uncheck "Third party extensions". Click Ok. Reboot computer.

    2. Reset IE settings.  Go to Tools > Internet Options > Programs.  Click on "Reset Web Settings" button. Go to Advanced tab and click "Restore Defaults" button. Go to Security tab and move the bar to Medium or Default. Click OK. Close all browsers. Reboot the computer.

    3. Check if a program running in the background is interfering with Internet Explorer. Temporarily disable all Norton programs, including anti-virus, anti-spyware, ad-blocker, win doctor, and recycle bin protect. Disable any firewall or ad-blocker.

    4. Repair or reinstall Internet Explorer and Outlook Express in Windows XP

    Best wishes!
    LVL 97

    Accepted Solution


    You should not have posted the HijackThis log here.  Instead, run an an analysis at  then save the result and post a link to the result here.  Here is a link to the analyzed log

    Check the box next to the following items and have HijackThis "Fix Checked".
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -

    If you did not install the following items, have HJT remove them.

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =
    O16 - DPF: {03A89EFD-E023-8000-A22D-45F77558EB4C} (ILINCInstall80 Class) -

    A newer version of HijackThis is available. Download HijackThis from

    Author Comment

    LVL 97

    Expert Comment

    manch03, you saved the analyzed log for v1.97.7.  You need to download HijackThis program v1.99.1 and run the log and analysis.

    Author Comment

    The higher version of Hijack helped resolve the issue - thanks
    LVL 97

    Expert Comment

    You are welcome, manch03 !

    Featured Post

    Do You Know the 4 Main Threat Actor Types?

    Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

    Join & Write a Comment

    Suggested Solutions

    Title # Comments Views Activity
    Binomial distribution 2 43
    Remove second installation of Windows 10 7 62
    strange bios behaviour 35 86
    what font behind pdf 32 74
    Do you have the problem that a lot of tasks are stacking up fairly quickly? A good way to reduce your big task list is to apply the 3 minute rule. Its fairly simple: if someone asks you to do a specific task, and you know for a fact that it will ā€¦
    This story has been written with permission from the scammed victim, a valued client of mine ā€“ identity protected by request.
    Notifications on Experts Exchange help you keep track of your activity and updates in one place. Watch this video to learn how to use them on the site to quickly access the content that matters to you.
    Need more eyes on your posted question? Go ahead and follow the quick steps in this video to learn how to Request Attention to your question. *Log into your Experts Exchange account *Find the question you want to Request Attention for *Go to the eā€¦

    754 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now