IE won't work after redirect "fix"

Discussion in 'privacy problems' started by 47 Shots, Oct 26, 2003.

Thread Status:
Not open for further replies.
  1. 47 Shots

    47 Shots Registered Member

    Joined:
    Oct 26, 2003
    Posts:
    4
    I rarely use IE but the last time I ran SpywareBlaster it said IE had a vulnerability with getting hijacked by redirects. I said okay, fix it, and then all I got after that was the same redirect error msg, no matter which website I tried. It was this:

    THis redirect is a test page

    With the caps like that, screwed up.

    I used the Restore function in SB and now I get the standard error message that you might get if you're offline, i.e.: "This page cannot be displayed..." However my other browsers work fine (and yes, I am online). :]

    Any ideas what I did wrong, or how I can edit the reg to fix this? Much thanks!

    47 Shots
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    Hi 47 shots,

    Please go to http://www.tomcoyote.org/hjt/, and download 'Hijack This!'.
    Unzip, doubleclick HijackThis.exe, and hit "Scan".

    When the scan is finished, the "Scan" button will change into a "Save Log" button.
    Press that, save the log as a .txt file, and copy and paste its contents into your next post.

    Most of what it lists will be harmless, so do not fix anything yet.

    Regards,

    Pieter
     
  3. 47 Shots

    47 Shots Registered Member

    Joined:
    Oct 26, 2003
    Posts:
    4
    Thanks Pieter,

    Here's the log you requested:

    Logfile of HijackThis v1.97.3
    Scan saved at 8:04:44 AM, on 10/27/03
    Platform: Windows 98 Gold (Win9x 4.10.1998)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    E:\FIREWALL-OUT-FREE\OUTPOST.EXE
    C:\PROGRAM FILES\ROXIO\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
    D:\RAM IDLE\RAM_9X.EXE
    C:\WINDOWS\STARTER.EXE
    C:\PROGRAM FILES\PGP\PGPTRAY.EXE
    E:\VIRTUALNOTES\RE.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PEGASUS\WINPM-32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    E:\MOZILLA\MOZILLA.EXE
    C:\PROXOMITRON\PROXOMITRON.EXE
    E:\TEMP\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8080
    F1 - win.ini: run=C:\WINDOWS\SYSTEM\cmmpu.exe
    N1 - Netscape 4: user_pref("browser.startup.homepage", "http://yahoo.com"); (C:\Program Files\Netscape\Users\myusername\prefs.js)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ADOBE\READER\ACTIVEX\ACROIEHELPER.OCX
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    O4 - HKLM\..\Run: [Outpost Firewall] E:\FIREWALL-OUT-FREE\outpost.exe /waitservice
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [RAM Idle] D:\RAM Idle\RAM_9X.exe
    O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
    O4 - Startup: PGPtray.lnk = C:\Program Files\PGP\PGPTray.exe
    O4 - Startup: Re Virtual Notes.lnk = E:\VirtualNotes\Re.exe
    O8 - Extra context menu item: &Copy Location - C:\WINDOWS\WEB\graburl.htm
    O9 - Extra button: Offline (HKLM)
    O9 - Extra 'Tools' menuitem: Add to Tr&usted Zone (HKLM)
    O9 - Extra 'Tools' menuitem: Add to R&estricted Zone (HKLM)
    O9 - Extra button: Net2Phone (HKLM)
    O9 - Extra 'Tools' menuitem: Net2Phone (HKLM)
    O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O15 - Trusted Zone: www.space.com
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    --end paste--

    47 Shots
     
  4. 47 Shots

    47 Shots Registered Member

    Joined:
    Oct 26, 2003
    Posts:
    4
    HOLD THE PHONE!

    Ignore that last Hijack log. I use a laptop and a desktop and switch often between them. I forgot that IE is not working on the LAPTOP. The log is from my desktop.

    Let me boot up the laptop and repeat that on the right machine. :)

    I get "47 Shots" at this, right?
     
  5. 47 Shots

    47 Shots Registered Member

    Joined:
    Oct 26, 2003
    Posts:
    4
    Hey Pieter,

    I booted the laptop, ran HijackThis, then thought I should try IE again just to double-check that it was still fnarked. It worked! Seems all that was needed was a re-boot after using the Restore function.

    Yes, I feel stupid. Let's see if I can find a face up there.. :oops:

    Thanks so much. Sorry to bother you!

    47 Shots
     
  6. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    Hi 47 Shots,

    Glad to hear everything is fine.
    Still 46 shots left and I checked the log of your desktop, which looks fine. ;)

    Regards,

    Pieter
     