TechSpot

Links Redirecting

By delawarefisher
Jan 19, 2009
  1. Hey guys, during the last few weeks, my web browsers (Yahoo and Google) have been redirecting me to other pages when I click on a specific link. I have run AVG, and Malwarebytes Anti-Malware, with no luck or solutions. At first I thought this was just an issue with Internet Explorer, so I tried Firefox, but the same thing happens. I have a HijackThis log attached to this thread, if anyone can help me out it would be greatly appreaciated.

    Thanks,

    Kevin
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please follow the 8 steps for malware removal HERE

    The HijackThis log alone is not enough. Please attach these logs:
    1. Malwarebytes
    2. Superatispyware
    3. HijackThis- new scan after the other 2 programs.

    The only bad entry showing in the HijackThis log is:
    O21 - SSODL: Cabikbro - {10B9FF71-0B1C-4FA1-8224-B83726759551} - C:\WINDOWS\system32\xmlinvid.dll

    But the other programs will help find and remove other malware entries.
     
  3. delawarefisher

    delawarefisher TS Rookie Topic Starter

    Thanks I will post them as soon as the other programs are done scanning.
     
  4. delawarefisher

    delawarefisher TS Rookie Topic Starter

    Here are the new logs: HijackThis, SuperAntiSpyware, and Malwarebytes.
     
  5. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    I suggest you remove:
    SpySweeper
    Spybot - Search & Destroy
    Ad-Aware
    SuperAntiSpyware (its served its purpose)

    And McAfee (It's not the best protection Antivirus as you have disovered
    Then run the McAfee Removal Tool

    Install Avira free AntiVirus

    Then Restart

    Then start up Malwarebytes again; But this time update it; then run a full scan (remove all found Malwares)

    The logs would then require re-submitting
    Oh and your computer system will be running stacks better ;)



    Edit

    Also startup HJT again and run a scan
    Remove these two entries (Note I haven't been through the entire log)
    You will need to close your Internet browser before fixing them
     
  6. delawarefisher

    delawarefisher TS Rookie Topic Starter

    Thanks guys! The problem is fixed. Thank you again for your time,
     
  7. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Thanks for the update :grinthumb
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You're not through yet@ As kimsland mentioned, only a part of the HijackThis log was mentioned. I found your redirect- it's to an IP in Latvia! Best we handle that!

    Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.
    Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot into safe mode.

    1. Start> Run> services.msc> right click on Viewpoint Manager> Properties> Change the Startup type to Disabled> Stop the Service.
    2. Start> Run> msconfig> enter> Selective Startup> Startup tab> UNCHECK Viewpoint> Apply> OK
    3. Control Panel> Add/Remove Programs> UNINSTALL all Viewpoint entries.

    Reboot into Normal Mode.NOTE: you will get a nag message that you can ignore and close after checking 'don't show this message again. Stay in Selective Startup.

    Please Download and Install SDFix
    * Download SDFix HERE and save it to your Desktop.
    * Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Boot into Safe Mode
    * Restart your computer and start pressing the F8 key on your keyboard.
    * Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

    Run SDFix
    Rescan with HijackThis when through and attach new log with SDFix report.

    And to stop the tracking Cookies:
    Reset Cookies:
    For Internet Explorer:Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.
     
  9. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Thanks Bobbye :grinthumb

    When the member decides to stop, so do I
    As I informed him already that I had not finished checking the entire log
    And his reply was "problem is fixed" Who am I to argue that, he may have had someone else or another forum fix it.

    But still good (over and above) of you
    I just wanted you to know why I stop sometimes, it's not up to me to inform the member he still needs help, that's up to him ;)
     
  10. delawarefisher

    delawarefisher TS Rookie Topic Starter

    Bobbye,

    Thank I forgot to remove that entry from HijackThis. I have done the other things you mentioned, and ran SDFix, but on the reboot after I ran it, it says "Cannot load VDM IPX/SPX Support".

    Kimsland,

    I didn't know there was anything else to do, the problem seemed to be fixed. As you can probably tell I am not very good with these kinds of things, I am a newcomer, and I greatly appreciate what you guys are doing to help me, so I apoligize if you feel like I was ignoring you guys. That is most certainly not the case though, I was just happy to have my search engine back I just forgot about the other entries. Just wanted to clear that up.

    Thank you both again.
     
  11. delawarefisher

    delawarefisher TS Rookie Topic Starter

    Bobbeye nevermind the last thing I said, it did complete, here is the .txt file.
     
  12. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Please do a scan and log with HijackThis again ;)
    And attach it here
     
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    kimsland, I don't think she realized she wasn't finished. Sometimes when a user doesn't see what they thought was the only problem, they think they're through. I fully understand that you said you had not reviewed the entire log- I think I might have either reviewed none at all or all of the log as a misunderstanding is easy if only part if deal with.

    The message you got with SDFix appears to be a bug that is being checked now. It was found that if just let it sit for a couple minutes instead of taking any action like closing the program that it will start up correctly. The message is not specific to SDFix.

    However, it does appear that a log is generated in spite of this. try searching your computer for:
    C:\SDFix\Report.txt.

    dela, we do need to see one more scan with HijackThis.
     
  14. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    I'll agree with that
    For now on, it's all or nothing.
    Thanks :)
     
  15. delawarefisher

    delawarefisher TS Rookie Topic Starter

    Okay, here is the new hijack log.
     
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Much better! I missed this entry first time:

    O4 - HKUS\S-1-5-21-2414362748-294787548-2523252751-1006\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" (User '?')

    But since you have changed to Avira, you need to uninstall Trend Micro Internet Security in Add/Remove Programs found in the Control Panel.

    Technically you shouldn't have been running TeaTimer when you did the scans. But it appears that SDFix did it's job and since your problems have been resolved, we can remove the cleaning tools:

    Download OTCleanIt HERE & save it to your desktop.
    Clear your existing System Restore points and establish a new clean restore point:
    Let us know if we can be of any more help.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...