I rarely use IE but the last time I ran SpywareBlaster it said IE had a vulnerability with getting hijacked by redirects. I said okay, fix it, and then all I got after that was the same redirect error msg, no matter which website I tried. It was this:

THis redirect is a test page

With the caps like that, screwed up.

I used the Restore function in SB and now I get the standard error message that you might get if you're offline, i.e.: "This page cannot be displayed..." However my other browsers work fine (and yes, I am online). :]

Any ideas what I did wrong, or how I can edit the reg to fix this? Much thanks!

47 Shots

Hi 47 shots,

Please go to http://www.tomcoyote.org/hjt/, and download 'Hijack This!'.
Unzip, doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log as a .txt file, and copy and paste its contents into your next post.

Most of what it lists will be harmless, so do not fix anything yet.

Regards,

Pieter

Thanks Pieter,

Here's the log you requested:

Logfile of HijackThis v1.97.3
Scan saved at 8:04:44 AM, on 10/27/03
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
E:\FIREWALL-OUT-FREE\OUTPOST.EXE
C:\PROGRAM FILES\ROXIO\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
D:\RAM IDLE\RAM_9X.EXE
C:\WINDOWS\STARTER.EXE
C:\PROGRAM FILES\PGP\PGPTRAY.EXE
E:\VIRTUALNOTES\RE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PEGASUS\WINPM-32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
E:\MOZILLA\MOZILLA.EXE
C:\PROXOMITRON\PROXOMITRON.EXE
E:\TEMP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8080
F1 - win.ini: run=C:\WINDOWS\SYSTEM\cmmpu.exe
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://yahoo.com"); (C:\Program Files\Netscape\Users\myusername\prefs.js)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ADOBE\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [Outpost Firewall] E:\FIREWALL-OUT-FREE\outpost.exe /waitservice
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [RAM Idle] D:\RAM Idle\RAM_9X.exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - Startup: PGPtray.lnk = C:\Program Files\PGP\PGPTray.exe
O4 - Startup: Re Virtual Notes.lnk = E:\VirtualNotes\Re.exe
O8 - Extra context menu item: &Copy Location - C:\WINDOWS\WEB\graburl.htm
O9 - Extra button: Offline (HKLM)
O9 - Extra 'Tools' menuitem: Add to Tr&usted Zone (HKLM)
O9 - Extra 'Tools' menuitem: Add to R&estricted Zone (HKLM)
O9 - Extra button: Net2Phone (HKLM)
O9 - Extra 'Tools' menuitem: Net2Phone (HKLM)
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O15 - Trusted Zone: www.space.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
--end paste--

47 Shots

HOLD THE PHONE!

Ignore that last Hijack log. I use a laptop and a desktop and switch often between them. I forgot that IE is not working on the LAPTOP. The log is from my desktop.

Let me boot up the laptop and repeat that on the right machine. :)

I get "47 Shots" at this, right?

Hey Pieter,

I booted the laptop, ran HijackThis, then thought I should try IE again just to double-check that it was still fnarked. It worked! Seems all that was need was a re-boot after using the Restore function.

Yes, I feel stupid. Let's see if I can find a face up there.. :-[

Thanks so much. Sorry to bother you!

47 Shots

Hi 47 Shots,

Glad to hear everything is fine.
Still 46 shots left and I checked the log of your desktop, which looks fine. ;)

Regards,

Pieter