help with some items on hijack this log file

By oringes
Jun 13, 2006
  1. I apologise in advance if I haven't followed the 'read this before posting hijack this log file' instructions completely.
    I've scanned my computer with Windows Defender [which found nothing harmful!],Spybot Search and Destroy,Ad-Aware SE Personal,AVG and ewido anti-malware. I then did a Hijack This scan and looked up the results in several databases and online analyzers and fixed about 6 items that were definetely nasty.I'm just not sure about a few.
    The main ones are 08 GoogleToolbar-related items, do I need GoogleToolbar at all? Does it do anything useful? If not how can I get rid of it completely or do I just fix the items with HiJack This?
    Other ones are 017 items which I have Googled the ip numbers and found to be sites that I HAVE visited before,but should they be in the log file? What would happen if I fixed these?
    Finally there is a 09 and a 016 item that has something to do with TrendMicro, am I right in thinking TrendMicro is some sore of antivirus program? I think I can remember getting it but it has since been out of use/expired.
    I will attach the sections of my log file that I'm unsure about and hopefully someone can clear up which I need to fix.
    Also I keep getting a message saying 'A script on this page is causing Internet Explorer to run slowly. If it continues, your computer may become unresponsive. Do you want to abort this script?' I have been clicking Yes.
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Boot into safe mode. See how HERE.

    Turn off system restore.(XP/ME only) See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
    O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) -
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) -

    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain =
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1AE080B0-8D68-403B-982A-15C90E603A9D}: NameServer =
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3E55FB71-7466-4937-8E21-07D1DF83FE13}: NameServer =,
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8D28C976-1044-4C55-969A-FCA51D8A1CEF}: NameServer =,
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AB6C4844-99A2-4B60-B77B-0A6C8F1F4891}: NameServer =,
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C0A37E71-F9A1-4FF3-A923-8077E98EA128}: NameServer =,
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer =,

    Only fix the above 017 entries, if they don`t belong to your ISP.

    O18 - Filter: text/html - {72D0CC78-7688-4A78-B9A7-2F05A94F11E0} - C:\Documents and Settings\USER\Local Settings\Application Data\microsoft\internet explorer\V0.39.dat

    Click on the fix checked button.

    Close HJT.

    Reboot into normal mode and turn system restore back on.

    It`s up to you if you want to keep the Google toolbar. If you don`t want it. You can simply uninstall it from add remove programmes in your control panel.

    Trendmicro is indeed an antivirus application.

    Regards Howard :wave: :wave:
  3. oringes

    oringes TS Rookie Topic Starter

    thanks and...

    Thanks for getting back so quickly, I did everything you said, should I also un-check display the contents of system folders and re-check hide file ex.for known file types and hide protected opperating system files so that's all back to how it was aswell?
    After I rebooted into normal mode a bubble came up saying 'You may be a victim of software counterfeiting. This version of Windows is not genuine. Click this bubble to fix this problem.' When I clicked on it it brought up a page from and said 'You have encountered an unknown error. Please contact your local product support team for assistance.' The error number [I think it's the error number] was 0x80080299 What does this mean?? I've had a genuine version as far as I knew until now? Please help.
    I've attached my new hijack this log file, could you tell me if I'm clean now?
    One last thing, is GoogleToolbar a pop-up blocker? If I remove it I should get another pop-up blocker shouldn't I?
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    First, your HJT log is clean.

    Second, yes you can rehide your protected OS files etc.

    Third, I`m not sure what the problem may be with your Windows coming up as not being genuine, unless of course it isn`t.

    Maybe your should run the Windows updates and see if that fixes it.

    Regards Howard :)
  5. oringes

    oringes TS Rookie Topic Starter

    And again...

    Ok, and thanks for all your help!
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...