Links Redirecting

[delawarefisher]

Hey guys, during the last few weeks, my web browsers (Yahoo and Google) have been redirecting me to other pages when I click on a specific link. I have run AVG, and Malwarebytes Anti-Malware, with no luck or solutions. At first I thought this was just an issue with Internet Explorer, so I tried Firefox, but the same thing happens. I have a HijackThis log attached to this thread, if anyone can help me out it would be greatly appreaciated.

Thanks,

Kevin

 

[Bobbye]

Please follow the 8 steps for malware removal HERE

The HijackThis log alone is not enough. Please attach these logs:
1. Malwarebytes
2. Superatispyware
3. HijackThis- new scan after the other 2 programs.

The only bad entry showing in the HijackThis log is:
O21 - SSODL: Cabikbro - {10B9FF71-0B1C-4FA1-8224-B83726759551} - C:\WINDOWS\system32\xmlinvid.dll

But the other programs will help find and remove other malware entries.

 

[delawarefisher]

Thanks I will post them as soon as the other programs are done scanning.

 

[delawarefisher]

Here are the new logs: HijackThis, SuperAntiSpyware, and Malwarebytes.

 

[kimsland]

I suggest you remove:
SpySweeper
Spybot - Search & Destroy
Ad-Aware
SuperAntiSpyware (its served its purpose)

And McAfee (It's not the best protection Antivirus as you have disovered
Then run the McAfee Removal Tool

Install Avira free AntiVirus

Then Restart

Then start up Malwarebytes again; But this time update it; then run a full scan (remove all found Malwares)

The logs would then require re-submitting
Oh and your computer system will be running stacks better



Edit

Also startup HJT again and run a scan
Remove these two entries (Note I haven't been through the entire log)
You will need to close your Internet browser before fixing them

O1 - Hosts: 94.247.2.216 www.google.com
O1 - Hosts: 94.247.2.216 search.yahoo.com

 

[delawarefisher]

Thanks guys! The problem is fixed. Thank you again for your time,

 

[kimsland]

Thanks for the update :grinthumb

 

[Bobbye]

You're not through yet@ As kimsland mentioned, only a part of the HijackThis log was mentioned. I found your redirect- it's to an IP in Latvia! Best we handle that!

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O1 - Hosts: 94.247.2.216 www.google.com
O1 - Hosts: 94.247.2.216 search.yahoo.com
O21 - SSODL: Cabikbro - {10B9FF71-0B1C-4FA1-8224-B83726759551} - C:\WINDOWS\system32\xmlinvid.dll
23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot into safe mode.

1. Start> Run> services.msc> right click on Viewpoint Manager> Properties> Change the Startup type to Disabled> Stop the Service.
2. Start> Run> msconfig> enter> Selective Startup> Startup tab> UNCHECK Viewpoint> Apply> OK
3. Control Panel> Add/Remove Programs> UNINSTALL all Viewpoint entries.

Reboot into Normal Mode.NOTE: you will get a nag message that you can ignore and close after checking 'don't show this message again. Stay in Selective Startup.

Please Download and Install SDFix
* Download SDFix HERE and save it to your Desktop.
* Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Boot into Safe Mode
* Restart your computer and start pressing the F8 key on your keyboard.
* Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

Run SDFix

* Open the extracted SDFix folder and double click RunThis.bat to start the script.
* Type Y to begin the cleanup process.
* It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
* Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
* Attach Report.txt back here

Rescan with HijackThis when through and attach new log with SDFix report.

And to stop the tracking Cookies:
Reset Cookies:
For Internet Explorer:Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

 

[kimsland]

Thanks guys! The problem is fixed. Thank you again for your time,

Thanks Bobbye :grinthumb

When the member decides to stop, so do I
As I informed him already that I had not finished checking the entire log
And his reply was "problem is fixed" Who am I to argue that, he may have had someone else or another forum fix it.

But still good (over and above) of you
I just wanted you to know why I stop sometimes, it's not up to me to inform the member he still needs help, that's up to him

 

[delawarefisher]

Bobbye,

Thank I forgot to remove that entry from HijackThis. I have done the other things you mentioned, and ran SDFix, but on the reboot after I ran it, it says "Cannot load VDM IPX/SPX Support".

Kimsland,

I didn't know there was anything else to do, the problem seemed to be fixed. As you can probably tell I am not very good with these kinds of things, I am a newcomer, and I greatly appreciate what you guys are doing to help me, so I apoligize if you feel like I was ignoring you guys. That is most certainly not the case though, I was just happy to have my search engine back I just forgot about the other entries. Just wanted to clear that up.

Thank you both again.

 

[delawarefisher]

Bobbeye nevermind the last thing I said, it did complete, here is the .txt file.

 

[kimsland]

The logs would then require re-submitting

Please do a scan and log with HijackThis again
And attach it here

 

[Bobbye]

kimsland, I don't think she realized she wasn't finished. Sometimes when a user doesn't see what they thought was the only problem, they think they're through. I fully understand that you said you had not reviewed the entire log- I think I might have either reviewed none at all or all of the log as a misunderstanding is easy if only part if deal with.

The message you got with SDFix appears to be a bug that is being checked now. It was found that if just let it sit for a couple minutes instead of taking any action like closing the program that it will start up correctly. The message is not specific to SDFix.

However, it does appear that a log is generated in spite of this. try searching your computer for:
C:\SDFix\Report.txt.

dela, we do need to see one more scan with HijackThis.

 

[kimsland]

said you had not reviewed the entire log- I think I might have either reviewed none at all or all of the log

I'll agree with that
For now on, it's all or nothing.
Thanks

 

[delawarefisher]

Okay, here is the new hijack log.

 

[Bobbye]

Much better! I missed this entry first time:

O4 - HKUS\S-1-5-21-2414362748-294787548-2523252751-1006\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" (User '?')

But since you have changed to Avira, you need to uninstall Trend Micro Internet Security in Add/Remove Programs found in the Control Panel.

Technically you shouldn't have been running TeaTimer when you did the scans. But it appears that SDFix did it's job and since your problems have been resolved, we can remove the cleaning tools:

Download OTCleanIt HERE & save it to your desktop.

Double click on OTCleanIt.exe.
Click on CleanUp!.
It will go thorough the list and remove all of the tools it finds and then delete itself (requiring a reboot).
You will receive a prompt that it needs to restart the computer to remove the files>
Click Yes.
It will restart your computer automatically. If it doesn't, please restart your computer manually.

Clear your existing System Restore points and establish a new clean restore point:

Go to Start > All Programs > Accessories > System Tools > System Restore> Select Create a restore point> OK.
* Next, go to Start > Run and type in *cleanmgr*
"Ensure the selection is on C:\ and click on OK"-
* Select the *More options* tab
* Choose the option to clean up System Restore and OK it.
* This will remove all restore points except the new one you just created.

Let us know if we can be of any more help.