# hijack list



## wendytyo (Jun 7, 2001)

can anyone look at my hijack list to see if there are any problems Thanks.

Logfile of HijackThis v1.94.0
Scan saved at 10:22:07 AM, on 6/4/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.rr.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=3c99&s=searchbar&LC=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://www.rr.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title=Microsoft Internet Explorer provided by Roadrunner
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=c:\windows\SYSTEM\blank.htm
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\smpa32fl.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\smpa32fl.slt\prefs.js)
O1 - Hosts: 216.177.73.139 auto.search.msn.com
O1 - Hosts: 216.177.73.139 search.netscape.com
O1 - Hosts: 216.177.73.139 ieautosearch
O2 - BHO: (no name) - {4178A354-348B-11D3-9AB2-00805F1A0ADB} - C:\CPQS\QUICKSR\HTMLS\QRSCRIPT.DLL (file missing)
O2 - BHO: Natural Language Navigation - {60E78CAC-E9A7-4302-B9EE-8582EDE22FBF} - C:\WINDOWS\SYSTEM\BHO001.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Aureal A3D Interactive Audio Init] A3dInit.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\MotiveAssistant\motmon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\DEFALERT.EXE
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Norton AntiVirus\POPROXY.EXE
O4 - HKLM\..\Run: [WINSTART001.EXE] C:\WINDOWS\System\WINSTART001.EXE -b
O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Aureal A3D Interactive Audio] sa3dsrv.exe
O4 - Startup: A1000 Settings Utility.lnk = C:\Program Files\Compaq\A1000\CPQA1000.exe
O4 - Startup: Compaq S200 Button Manager.lnk = C:\Program Files\Compaq S200 Scanner\S200Btns.exe
O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Startup: BonziBUDDY.lnk = C:\Program Files\BonziBUDDY\BonziBDY.EXE
O8 - Extra context menu item: AltaVista Home - http://jump.altavista.com/avie5/home
O8 - Extra context menu item: AV Search This Term - http://jump.altavista.com/avie5/search
O8 - Extra context menu item: AV Translate this Web Page - http://jump.altavista.com/avie5/babelfish
O8 - Extra context menu item: AV Translate Selection - http://jump.altavista.com/avie5/babelfish
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra 'Tools' menuitem: &AltaVista Home (HKLM)
O9 - Extra button: Translate (HKLM)
O9 - Extra 'Tools' menuitem: AV &Translate (HKLM)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL (HKLM)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Print Favorites (HKLM)
O9 - Extra 'Tools' menuitem: Print &Favorites... (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.rr.com
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37774.7548842593


----------



## TonyKlein (Aug 26, 2001)

You have some spyware.

Do this:

In Hijack This, check ALL of the following items. Doublecheck so as to be sure not to miss a single one.
Next, shut down _all_ browser Windows, and have HT fix all checked.

You NEED to restart your computer when you're done.

*O1 - Hosts: 216.177.73.139 auto.search.msn.com
O1 - Hosts: 216.177.73.139 search.netscape.com
O1 - Hosts: 216.177.73.139 ieautosearch

O2 - BHO: (no name) - {4178A354-348B-11D3-9AB2-00805F1A0ADB} - C:\CPQS\QUICKSR\HTMLS\QRSCRIPT.DLL (file missing)
O2 - BHO: Natural Language Navigation - {60E78CAC-E9A7-4302-B9EE-8582EDE22FBF} - C:\WINDOWS\SYSTEM\BHO001.DLL

O4 - HKLM\..\Run: [WINSTART001.EXE] C:\WINDOWS\System\WINSTART001.EXE -b
O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"

O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Startup: BonziBUDDY.lnk = C:\Program Files\BonziBUDDY\BonziBDY.EXE*

After rebooting, download Spybot - Search & Destroy

After installing, _first_ press *Online*, and search for, put a check mark at, and install *all updates*.

Next, _close_ all Internet Explorer windows, hit 'Check for Problems', and have SpyBot remove all it finds.

Cheers,


----------



## walkeriam (Feb 19, 2002)

Wendy,
Is this the same computer we've been working on or a different one?


----------



## wendytyo (Jun 7, 2001)

hi yes it's the same computer i had to restore my computer so i ran hijack and wanted to see if there were any problems.then i went to windows update and installed all the updates for my computer.It prompted me to restart so i did and the computer would not go back to windows.So i had to restore my computer again.so I'm starting fresh AGAIN. Thank you


----------



## jackha (Nov 3, 2002)

Don't download any of there so called Security Fixes that's what screws up you're system...It's also why a lot of people have so much problem with IE6...Use Spybot or Adaware or anything but there so called fixes and also uncheck the automatic update in Internet Options>advanced so it won't be trying to do it automaticly...
Just what I think for what It's worth...


----------



## wendytyo (Jun 7, 2001)

Thank You jackha thats nice to know now that it took me about 4 or 5 tries to restore my computer i won't be downloading any more updates.. Thanks, Wendy


----------



## walkeriam (Feb 19, 2002)

How is your computer running now Wendy?


----------



## wendytyo (Jun 7, 2001)

it was doing pretty good but web pages seem to be (i don't know how to explain it) i guess like jumping or skipping and has froze 2 time in about 3 hours. by the way walkeriam i appreciate all the help you are giving me Thanks allot


By the way can you tell me why my back button on ie 6.0 don't work


----------



## walkeriam (Feb 19, 2002)

Since you have restored your computer, have you gone to the DEVICE MANAGER and Double CLICKED each hardware device, select the DRIVER TAB and click on UNDATE DRIVER?


----------



## wendytyo (Jun 7, 2001)

they are all updated ...i can't use my back button on IE 6.0 do you happen to know why.


----------



## walkeriam (Feb 19, 2002)

Go to this Microsoft Artical and read about that:
http://support.microsoft.com/default.aspx?scid=kb;en-us;298639


----------



## walkeriam (Feb 19, 2002)

If that is not your problem go to START>SETTINGS>CONTROL PANEL>ADD AND REMOVE PROGRAMS> scroll down to INTERNET EXPLORER 6 and click on ADD/REMOVE. A box should come up with the option to REPAIR. Click on REPAIR INTERNET EXPLORER and click OK. 

Hope that helps.


----------



## wendytyo (Jun 7, 2001)

i did the add remove and fix problem but its still doing that will prbally just go downlod netscape 7 thanks, wendy


----------



## walkeriam (Feb 19, 2002)

Is your BACK button grayed out or will it just not take you back?


----------



## wendytyo (Jun 7, 2001)

it just would not take me back to the previous web page..i downloaded Netscape 7.0 so i will just use it i heard its better than explorer


----------



## walkeriam (Feb 19, 2002)

Since you have NETSCAPE, you could Un-install IE6 and re-install it and see if the back button works then. Unless you are giving up on it?


----------



## wendytyo (Jun 7, 2001)

I uninstalled IE6 and i also downloaded Netscape 7.0 ...another problem i downloaded pop up stopper and for some reason it thinks my Netscape e-mail is a pop up add it wont let me open my mail. can i fix this and still keep Netscape mail.. i tried to push the ctrl button to let i go though but it did'nt work either.


----------



## walkeriam (Feb 19, 2002)

I don't know anything about Netscape so all I can suggest is to Un-install the pop-up stopper. Unless Pop-up Stopper has a setting to ignore netscape? Have you tried re-installing IE6?


----------

