Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Hijackthis Log

Posted on 2006-05-31
6
Medium Priority
?
205 Views
Last Modified: 2008-02-01
Windowsxp svc pack 2

Having IE issues, pages hanging, IE shutting down suddenly.  Ran Hijackthis but don't know what I can delete from the log - below is a copy.

Logfile of HijackThis v1.97.7
Scan saved at 11:19:52 AM, on 5/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\ORL\VNC\WinVNC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Skyward\dlc\bin\prowin32.exe
C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe
\srvmcsfire\Installs\Applications\Workstations\Virus tools\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mcs.k12.mi.us/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mcs.k12.mi.us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Manchester Community Schools
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.1.0.10:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = mail.mcs.k12.mi.us;<local>;localhost
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\ORL\VNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: MUSICMATCH MX Web Player (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.mcs.k12.mi.us
O16 - DPF: {03A89EFD-E023-8000-A22D-45F77558EB4C} (ILINCInstall80 Class) - http://lm-learnlinc-6.ilinc.com/download/ilinci80.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130435709527
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mcs.k12.mi.us
O17 - HKLM\Software\..\Telephony: DomainName = mcs.k12.mi.us
O17 - HKLM\System\CCS\Services\Tcpip\..\{B295D8CB-90B8-48C2-AE4C-68151CB4072F}: NameServer = 10.1.0.8,10.2.0.12
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = mcs.k12.mi.us
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = mcs.k12.mi.us

0
Comment
Question by:manch03
  • 4
  • 2
6 Comments
 
LVL 97

Expert Comment

by:war1
ID: 16799639
Greetings, manch03 !

I will look at your HijackThis log. But the problem could be a program interfering with IE or a corrupted IE file.

1. Disable third party extensions. With IE open, go to Tools > Options > Advanced. Uncheck "Third party extensions". Click Ok. Reboot computer.

2. Reset IE settings.  Go to Tools > Internet Options > Programs.  Click on "Reset Web Settings" button. Go to Advanced tab and click "Restore Defaults" button. Go to Security tab and move the bar to Medium or Default. Click OK. Close all browsers. Reboot the computer.

3. Check if a program running in the background is interfering with Internet Explorer. Temporarily disable all Norton programs, including anti-virus, anti-spyware, ad-blocker, win doctor, and recycle bin protect. Disable any firewall or ad-blocker.

4. Repair or reinstall Internet Explorer and Outlook Express in Windows XP
http://windowsxp.mvps.org/IEFIX.htm
OR
http://www.theeldergeek.com/repair_reinstall_ie_and_oe_6.htm
OR
http://support.microsoft.com/default.aspx?scid=kb;EN-US;318378

Best wishes!
0
 
LVL 97

Accepted Solution

by:
war1 earned 1000 total points
ID: 16799765
manch03,

You should not have posted the HijackThis log here.  Instead, run an an analysis at http://hijackthis.de  then save the result and post a link to the result here.  Here is a link to the analyzed log

http://hijackthis.de/logfiles/11692d2455c62c2a9e15078299531095.html

Check the box next to the following items and have HijackThis "Fix Checked".
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup 1.0.0.15.cab

If you did not install the following items, have HJT remove them.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.1.0.10:8080
O16 - DPF: {03A89EFD-E023-8000-A22D-45F77558EB4C} (ILINCInstall80 Class) - http://lm-learnlinc-6.ilinc.com/download/ilinci80.dll


A newer version of HijackThis is available. Download HijackThis from
http://www.majorgeeks.com/download3155.html
0
Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

 
LVL 97

Expert Comment

by:war1
ID: 16801579
manch03, you saved the analyzed log for v1.97.7.  You need to download HijackThis program v1.99.1 and run the log and analysis.
0
 

Author Comment

by:manch03
ID: 16809192
The higher version of Hijack helped resolve the issue - thanks
0
 
LVL 97

Expert Comment

by:war1
ID: 16812254
You are welcome, manch03 !
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I’ll show how research, determination, and use of modern technology helped me solve a DNA mystery.
Cyberspace is the new townsquare.  Does the change from a physical space to a digital space spell doom and destruction or growth and prosperity.
Notifications on Experts Exchange help you keep track of your activity and updates in one place. Watch this video to learn how to use them on the site to quickly access the content that matters to you.
Where to go on the main page to find the job listings. How to apply to a job that you are interested in from the list that is featured on our Careers page.
Suggested Courses

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question