  PC Advice Sir 21:49 07 Jul 2004

My browser redirects me to another page when I visit a one-off website. The website loads temporarily and then redirects to MSN search page.
All other favourites and websites are unaffected, I think the browser is being hijacked some way. I recently removed a trojan virus with the help of PCA help forum, so I'm not sure if this is a remnant of that.
I've heard about the 'hijack this programme' and I ran a scan with it, but I don't understand the scan results log file, or what rogue element I should be looking for.

Can anybody offer any advice on a remedy for the problem?

Thanks in anticipation of some help.

  Night Ryder 21:52 07 Jul 2004

Very common problem. You need to install a popup blocker and spyware software.

  VoG II 21:53 07 Jul 2004

Please post a HJT log file. I'm sure Nellie2 will know the answer. You may need to post it in two halves because of the 800 word limit but please post the lot including the "header" information.

  PC Advice Sir 22:07 07 Jul 2004

I have a pop up blocker and various spyware software (i.e. Adaware).

I enclose my log file below as advised in 2 parts.

Logfile of HijackThis v1.97.7
Scan saved at 18:27:08, on 07/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Palick Soft\HDD Temperature\HDDTsvc.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\paul\Desktop\Downloads\AVG\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = click here
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = click here
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
R3 - URLSearchHook: CnfSearch Class - {4E9E60F0-0C7A-4fe9-8EC2-9D5BA41757F0} - C:\WINDOWS\System32\ConfuSearch.dll
O1 - Hosts: search.netscape.com12.129.205.209
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2F2FBF0D-254F-11D5-B1E5-0050DAD7AF62} - C:\Program Files\ANONYMIZER\CORE\Anonymizer.dll
O2 - BHO: (no name) - {FF4E2C50-BCF3-47cf-952A-A512F5B5D0E8} - C:\WINDOWS\System32\DNSProxy.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Anonymizer Toolbar - {C14DC52F-B4D9-11D5-B1E6-0050DAD7AF62} - C:\Program Files\ANONYMIZER\TOOLBAR\AnonymizerBar.dll
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

  PC Advice Sir 22:09 07 Jul 2004

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Startup: Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(2).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search the Web - C:\WINDOWS\Web\Ers_src.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: ChatSpace Full Java Client - click here
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - click here
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - click here
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - click here
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - click here
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - click here
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - click here
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - click here
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - click here
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - click here
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - click here
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://G:\SuperCD\IntraLaunch.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - click here
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - click here
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D72BF8F-DCB4-418D-87A7-6D8195250B4B}: NameServer =

  PC Advice Sir 22:10 07 Jul 2004

I don't know how the 'click here' hyperlinks got in there...??

  Nellie2 21:02 08 Jul 2004

Hello PC Advice Sir

The click here links are a normally useful function of this message board, but when trying to decipher a hijack log they are a pain in the proverbial!!! :)

Could you run hijackthis again, make sure all other browsers and windows are closed except for hijack this, put a tick against the following and click 'fix checked'

R3 - URLSearchHook: CnfSearch Class - {4E9E60F0-0C7A-4fe9-8EC2-9D5BA41757F0} - C:\WINDOWS\System32\ConfuSearch.dll

O1 - Hosts: search.netscape.com12.129.205.209

O2 - BHO: (no name) - {FF4E2C50-BCF3-47cf-952A-A512F5B5D0E8} - C:\WINDOWS\System32\DNSProxy.dll

Then reboot and let me know if that helps any!
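
Added example, not part of the original thread: a small Python triage pass over HijackThis entry lines, showing how the three entries picked out above can be separated from the rest of a log. The function names and the heuristics (any R3 search hook, any O1 Hosts line, an unnamed BHO whose DLL sits directly in System32) are assumptions made for this illustration, not Nellie2's stated reasoning; a flagged line is a prompt for review, not a verdict.

```python
import ntpath
import re

# Constructed sample: six entry lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
R3 - URLSearchHook: CnfSearch Class - {4E9E60F0-0C7A-4fe9-8EC2-9D5BA41757F0} - C:\WINDOWS\System32\ConfuSearch.dll
O1 - Hosts: search.netscape.com12.129.205.209
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {FF4E2C50-BCF3-47cf-952A-A512F5B5D0E8} - C:\WINDOWS\System32\DNSProxy.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # section code, then the rest
COMPONENT = re.compile(r"^(.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")


def parse_log(text):
    """Return one dict per entry line; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        entry = {"code": code, "body": body, "name": None, "clsid": None, "path": None}
        _kind, sep, rest = body.partition(": ")
        c = COMPONENT.match(rest) if sep else None
        if c:  # "name - {CLSID} - file" form used by R3, O2 and O3 lines
            entry.update(name=c.group(1), clsid=c.group(2).upper(), path=c.group(3))
        entries.append(entry)
    return entries


def triage(entries):
    """Return (code, reason, body) for lines to review. Heuristics are assumptions."""
    flagged = []
    for e in entries:
        folder = ntpath.basename(ntpath.dirname(e["path"] or "")).lower()
        if e["code"] == "R3":
            flagged.append((e["code"], "URL search hook registered", e["body"]))
        elif e["code"] == "O1":
            flagged.append((e["code"], "Hosts file redirect present", e["body"]))
        elif e["code"] == "O2" and e["name"] == "(no name)" and folder == "system32":
            flagged.append((e["code"], "unnamed BHO loading from System32", e["body"]))
    return flagged


if __name__ == "__main__":
    print(*triage(parse_log(SAMPLE_LOG)), sep="\n")
```

On the sample this flags the ConfuSearch.dll search hook, the Hosts line and the DNSProxy.dll BHO, while the Acrobat BHO and the Radio toolbar pass through.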

  PC Advice Sir 22:35 08 Jul 2004

Nellie2, thank you so much for that advice - I did as you said (backed up my registry and did a system restore just prior to the fix). I did close all those windows, shut it down/restarted, went to the website in question without any further apparent problem ~ page loads up as normal.

I did have a suspicion about the searchhook line in the scan result, but I was too doubtful about deleting/fixing anything, so I left it.

I'm delighted with the help you have provided, that's the second time the PCA help forum has rescued me in a week.

I sign off from this topic endorsed as RESOLVED thanks to your help.

My sincere thanks and gratitude to you. :-)


  PC Advice Sir 22:40 08 Jul 2004

Thanks to everyone prior to the solution too!



  Nellie2 23:20 08 Jul 2004

Thank you for the thank you.... it warms my heart! :)

