TechSpot

help with some items on hijack this log file

By oringes
Jun 13, 2006
  1. I apologise in advance if I haven't followed the 'read this before posting hijack this log file' instructions completely.
    I've scanned my computer with Windows Defender [which found nothing harmful!], Spybot Search and Destroy, Ad-Aware SE Personal, AVG and ewido anti-malware. I then did a Hijack This scan and looked up the results in several databases and online analyzers and fixed about 6 items that were definitely nasty. I'm just not sure about a few.
    The main ones are O8 GoogleToolbar-related items, do I need GoogleToolbar at all? Does it do anything useful? If not how can I get rid of it completely or do I just fix the items with HiJack This?
    Other ones are O17 items which I have Googled the ip numbers and found to be sites that I HAVE visited before, but should they be in the log file? What would happen if I fixed these?
    Finally there is an O9 and an O16 item that has something to do with TrendMicro, am I right in thinking TrendMicro is some sort of antivirus program? I think I can remember getting it but it has since been out of use/expired.
    I will attach the sections of my log file that I'm unsure about and hopefully someone can clear up which I need to fix.
    Also I keep getting a message saying 'A script on this page is causing Internet Explorer to run slowly. If it continues, your computer may become unresponsive. Do you want to abort this script?' I have been clicking Yes.
    Thank you
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

    Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

    Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to (if there).

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135725831095
    O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro-europe.com/file_downloads/common/housecall/HouseCallButton.CAB
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by108fd.bay108.hotmail.msn.com/activex/HMAtchmt.ocx

    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = mydomain.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1AE080B0-8D68-403B-982A-15C90E603A9D}: NameServer = 212.74.114.129 212.74.112.66
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3E55FB71-7466-4937-8E21-07D1DF83FE13}: NameServer = 69.57.146.14,69.57.147.175
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8D28C976-1044-4C55-969A-FCA51D8A1CEF}: NameServer = 69.57.146.14,69.57.147.175
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AB6C4844-99A2-4B60-B77B-0A6C8F1F4891}: NameServer = 69.57.146.14,69.57.147.175
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C0A37E71-F9A1-4FF3-A923-8077E98EA128}: NameServer = 69.57.146.14,69.57.147.175
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.57.146.14,69.57.147.175

    Only fix the above O17 entries if they don't belong to your ISP.

    O18 - Filter: text/html - {72D0CC78-7688-4A78-B9A7-2F05A94F11E0} - C:\Documents and Settings\USER\Local Settings\Application Data\microsoft\internet explorer\V0.39.dat

    Click on the fix checked button.

    Close HJT.

    Reboot into normal mode and turn system restore back on.

    It's up to you if you want to keep the Google toolbar. If you don't want it, you can simply uninstall it from add remove programmes in your control panel.

    Trendmicro is indeed an antivirus application.

    Regards Howard :wave: :wave:
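
The O17 check from the reply above (fix the name-server entries only if they do not belong to your ISP), as an added Python example that is not part of the original thread. The function names are hypothetical, the O17 lines are copied from the log above, and the ISP resolver list passed in the demo is an assumption for illustration only, since the thread does not say which servers belong to the poster's ISP.

```python
import ipaddress
import re
from collections import defaultdict

# O17 lines copied from the log quoted in the reply above.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = mydomain.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{1AE080B0-8D68-403B-982A-15C90E603A9D}: NameServer = 212.74.114.129 212.74.112.66
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E55FB71-7466-4937-8E21-07D1DF83FE13}: NameServer = 69.57.146.14,69.57.147.175
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.57.146.14,69.57.147.175
"""

O17_RE = re.compile(r"^\s*O17 - (?P<key>.+?): (?P<name>\w+) = (?P<value>.*)$")


def parse_o17(log_text):
    """Yield (registry_key, value_name, value) for every O17 line."""
    for line in log_text.splitlines():
        m = O17_RE.match(line)
        if m:
            yield m["key"], m["name"], m["value"].strip()


def unexpected_nameservers(log_text, isp_resolvers):
    """Map each resolver not in isp_resolvers to the registry keys that set it."""
    allowed = {ipaddress.ip_address(a) for a in isp_resolvers}
    flagged = defaultdict(list)
    for key, name, value in parse_o17(log_text):
        if name.lower() != "nameserver":
            continue  # e.g. the "Domain = ..." entry
        # The log shows the raw value: addresses separated by spaces or commas.
        for token in filter(None, re.split(r"[\s,]+", value)):
            try:
                shown = str(ipaddress.ip_address(token))
                is_allowed = ipaddress.ip_address(token) in allowed
            except ValueError:
                shown, is_allowed = token, False  # not an IP address: review it
            if not is_allowed:
                flagged[shown].append(key)
    return dict(flagged)


if __name__ == "__main__":
    # Assumed ISP resolvers, for illustration only; use the ones your ISP publishes.
    assumed_isp = ["212.74.114.129", "212.74.112.66"]
    for ip, keys in unexpected_nameservers(SAMPLE_LOG, assumed_isp).items():
        print(f"{ip}: set in {len(keys)} key(s); check before fixing")
```

Entries the function reports are candidates for the HJT fix; entries it does not report match the resolver list you supplied and should be left alone.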
     
  3. oringes

    oringes TS Rookie Topic Starter

    thanks and...

    Thanks for getting back so quickly, I did everything you said, should I also un-check display the contents of system folders and re-check hide file ex. for known file types and hide protected operating system files so that's all back to how it was as well?
    After I rebooted into normal mode a bubble came up saying 'You may be a victim of software counterfeiting. This version of Windows is not genuine. Click this bubble to fix this problem.' When I clicked on it it brought up a page from microsoft.com and said 'You have encountered an unknown error. Please contact your local product support team for assistance.' The error number [I think it's the error number] was 0x80080299 What does this mean?? I've had a genuine version as far as I knew until now? Please help.
    I've attached my new hijack this log file, could you tell me if I'm clean now?
    One last thing, is GoogleToolbar a pop-up blocker? If I remove it I should get another pop-up blocker shouldn't I?
    Thanks!
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    First, your HJT log is clean.

    Second, yes you can rehide your protected OS files etc.

    Third, I'm not sure what the problem may be with your Windows coming up as not being genuine, unless of course it isn't.

    Maybe you should run the Windows updates and see if that fixes it.

    Regards Howard :)
     
  5. oringes

    oringes TS Rookie Topic Starter

    And again...

    Ok, and thanks for all your help!
     
Topic Status:
Not open for further replies.
