Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Hijack this will not remove some entries...

Status
Not open for further replies.
zobbo

zobbo

Technical User
Dec 21, 2004
80
IE
I think the R1 entries below are corrupt. Homepage keeps on changing. How do I get rid of them. I click "fix" in HJ then reboot - only to discover they have reappeared. How will I get rid of them?


Logfile of HijackThis v1.99.0
Scan saved at 14:39:46, on 30/12/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
C:\WINDOWS\system32\ntuy32.exe
C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\Internet Security\PCCGUIDE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\Internet Security\PCClient.exe
C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
D:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\citxn.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\citxn.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\citxn.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\citxn.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\citxn.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\citxn.dll/sp.html#28129
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {BFBF7402-6F56-197C-30EF-A2D7ABD52E16} - C:\WINDOWS\ntqd.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O15 - Trusted IP range: (HKLM)
O16 - DPF: {11111111-1111-1111-1111-222222222222} - ms-its:mhtml:file://Cne.MHT!O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} - O23 - Service: Trend Micro Personal Firewall - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)
O23 - Service: Trend NT Realtime Service - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
O23 - Service: Network Security Service - Unknown - C:\WINDOWS\system32\ntuy32.exe
 
Sort by date Sort by votes
I think aboutbuster could help with this version of cws.


Also this O16 line should get fixed.
O16 - DPF: {11111111-1111-1111-1111-222222222222} - ms-its:mhtml:file://Cne.MHT!
-------------------------------------
It's 10 O'Clock ( somewhere! ).
Are your registry and data backed up?
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

moveit
  • Locked
  • Question
Firefox will not let me sign in to my Tesco account
Replies
4
Views
381
teknance
teknance
GriffMG
  • Locked
  • Question
Windows opened with script do not show links. IE11
Replies
1
Views
112
GriffMG
GriffMG
stillhanginon
  • Locked
  • Question
Is this a FF issue?
Replies
1
Views
76
ChrisHirst
ChrisHirst
ChuckG
  • Locked
  • Question
Trusted Sites not visible
Replies
0
Views
57
ChuckG
ChuckG
BionicJohn
  • Locked
  • Question
Twitter will not display in IE9 1
Replies
4
Views
48
BionicJohn
BionicJohn

Part and Inventory Search

Sponsor

Back
Top