Over 1 million tech questions and answers.

requests for pages go to api.mybrowserbar.com

Q: requests for pages go to api.mybrowserbar.com

I posted this earlier on another part of the site and have been directed here by Koala. { It looks like your computer is still infected. Please follow these instructions and start a new thread in the Virus/Trojans/Spyware forum where an analyst will help you as soon as possible. }
------------------------------------

On a notebook (XP Home SP3 Polish), on which I've used Firefox for a long time, all attempts to go to e.g. www.xxxxx.com now lead me to api.mybrowserbar.com/gci/errors/......................www.xxxxx.com............... and a "Cannot find the server" error message. Googling on another machine produces alternative suggestions that a) some kind of malware is at work (possibly introduced by pdfcreator, which I've never used) - I've run Malwarebytes' Anti-Malware and SuperAntiSpyware and found and killed one item - or that b) this is something dumped on the machine by Dealio Toolbar, a Yahoo Add-on, which it's easy to install by mistake. I killed Dealio Toolbar and Yahoo Toolbar yesterday, after it had been on the machine, unwanted, for some time. The problem persists. I've uninstalled Firefox and installed a new 3.5.2 downloaded on another computer. No change.

I have no problems of this kind with a desktop, which I've just been told by Malwarebyte's product has lots of malware on it, or with a netbook connected by WiFi to a D-Link router.

Has anybody got any ideas?

-----------------------------

Koala told me to run DDS and GMER and send the results to you:

DDS.txt:

DDS (Ver_09-07-30.01) - NTFSx86
Run by John Presland MBA at 15:52:19.23 on 14/08/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.502.231 [GMT 2:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\WINDOWS\system32\igfxtray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\IRISCard 4 Pro\bmana620.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft LifeChat\LifeChat.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AnVir Task Manager Free\AnVir.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\DOCUME~1\JOHNPR~1\USTAWI~1\Temp\RtkBtMnt.exe
D:\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\kb128\SearchSettings.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AnVir Task Manager Free] "c:\program files\anvir task manager free\AnVir.exe" Minimized
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SkyTel] SkyTel.EXE
mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [IRISCard 4 button manager] "c:\program files\iriscard 4 pro\bmana620.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [LifeChat] "c:\program files\microsoft lifechat\LifeChat.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SearchSettings] c:\program files\search settings\SearchSettings.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\johnpr~1\menust~1\programy\autost~1\secuni~1.lnk - c:\program files\secunia\psi\psi.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\programy\autost~1\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\programy\autost~1\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\menust~1\programy\autost~1\ralink~1.lnk - c:\program files\ralink\common\RaUI.exe
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Wyślij do urządzenia &Bluetooth... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {CFF9D8A3-6986-4B95-949F-BAF9EEDB355A} = 194.204.159.1,194.204.152.34
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll,c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\johnpr~1\daneap~1\mozilla\firefox\profiles\0aandw1o.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\john presland mba\dane aplikacji\mozilla\firefox\profiles\0aandw1o.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\[email protected]\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\[email protected]\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\[email protected]\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\[email protected]\components\xpavgtbapi.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\mozilla firefox\extensions\[email protected]\components\SearchSettingsFF.dll
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npagent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPSignPlugin.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
------------------

attach.txt (not zipped because its smaller than dds.txt):

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 24/05/2007 21:55:08
System Uptime: 14/08/2009 13:31:56 (2 hours ago)

Motherboard: Acer | | Grapevine
Processor: Intel(R) Celeron(R) M CPU 440 @ 1.86GHz | U1 | 1862/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 112 GiB total, 74.294 GiB free.
D: is Removable
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 6233
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia 6233
Device ID: ROOT\WPD\0001
Manufacturer: Nokia
Name: Nokia 6233
PNP Device ID: ROOT\WPD\0001
Service: WUDFRd

==== System Restore Points ===================

RP625: 17/07/2009 08:20:02 - Punkt kontrolny systemu
RP626: 18/07/2009 08:53:10 - Avg8 Update
RP627: 21/07/2009 00:54:43 - Punkt kontrolny systemu
RP628: 21/07/2009 08:24:13 - Installed PowerDVD
RP629: 21/07/2009 20:07:51 - Installed PowerDVD
RP630: 21/07/2009 22:40:00 - Installed PowerDVD
RP631: 21/07/2009 22:47:26 - Installed PowerDVD
RP632: 21/07/2009 23:03:33 - Configured Driver Detective
RP633: 21/07/2009 23:04:15 - Installed Driver Detective.
RP634: 22/07/2009 10:22:03 - Software Distribution Service 3.0
RP635: 05/08/2009 22:36:28 - Punkt kontrolny systemu
RP636: 06/08/2009 03:00:21 - Software Distribution Service 3.0
RP637: 07/08/2009 03:14:53 - Punkt kontrolny systemu
RP638: 08/08/2009 04:14:54 - Punkt kontrolny systemu
RP639: 09/08/2009 05:14:53 - Punkt kontrolny systemu
RP640: 10/08/2009 06:15:06 - Punkt kontrolny systemu
RP641: 11/08/2009 07:15:23 - Punkt kontrolny systemu
RP642: 12/08/2009 03:00:27 - Software Distribution Service 3.0
RP643: 12/08/2009 16:32:15 - Removed Dealio Toolbar v4.0.
RP644: 12/08/2009 16:35:52 - Removed Windows Live Favorites for Windows Live Toolbar
RP645: 12/08/2009 16:36:50 - Removed Windows Live Toolbar
RP646: 12/08/2009 17:04:44 - Zainstalowano program Windows Internet Explorer 8.
RP647: 12/08/2009 1756 - Software Distribution Service 3.0
RP648: 12/08/2009 18:07:31 - Software Distribution Service 3.0
RP649: 13/08/2009 20:22:07 - Installed SUPERAntiSpyware Free Edition
RP650: 14/08/2009 03:00:26 - Software Distribution Service 3.0

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
ABBYY FineReader 9.0 Professional Edition
Ad-Aware 2007
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.3
Adobe? Photoshop? Album Starter Edition 3.0
Aktualizacja dla systemu Windows Internet Explorer 8 (KB972636)
Aktualizacja dla systemu Windows XP (KB951072-v2)
Aktualizacja dla systemu Windows XP (KB951978)
Aktualizacja dla systemu Windows XP (KB955839)
Aktualizacja dla systemu Windows XP (KB967715)
Aktualizacja dla systemu Windows XP (KB968389)
Aktualizacja dla systemu Windows XP (KB973815)
Aktualizacja krytyczna dla programu Windows Media Player 11 (KB959772)
Aktualizacja zabezpieczeń dla programu Windows Media Player (KB911564)
Aktualizacja zabezpieczeń dla programu Windows Media Player (KB952069)
Aktualizacja zabezpieczeń dla programu Windows Media Player (KB973540)
Aktualizacja zabezpieczeń dla programu Windows Media Player 11 (KB936782)
Aktualizacja zabezpieczeń dla programu Windows Media Player 11 (KB954154)
Aktualizacja zabezpieczeń dla programu Windows Media Player 6.4 (KB925398)
Aktualizacja zabezpieczeń dla programu Windows Media Player 9 (KB917734)
Aktualizacja zabezpieczeń dla programu Windows Media Player 9 (KB936782)
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB938127-v2)
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB953838)
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB956390)
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB958215)
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB960714)
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB961260)
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB963027)
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB969897)
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB972260)
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB972260)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB923561)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB938464)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB946648)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB950759)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB950760)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB950762)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB950974)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB951066)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB951376-v2)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB951376)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB951698)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB951748)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB952004)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB952954)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB953838)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB953839)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB954211)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB954459)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB954600)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB955069)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956391)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956572)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956744)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956802)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956803)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956841)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB957095)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB957097)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB958644)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB958687)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB958690)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB959426)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB960225)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB960715)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB960803)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB960859)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB961371)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB961373)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB961501)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB968537)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB969898)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB970238)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB971557)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB971633)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB971657)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB973346)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB973354)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB973507)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB973869)
Aktualizacja zabezpieczeń dla Windows XP (KB923689)
Aktualizacja zabezpieczeń dla Windows XP (KB941569)
AnVir Task Manager Free
ASAP Utilities
Atheros for Acer Driver 5.3.0.35_Foxconn Installation Program
Atheros Wireless LAN
Avanquest update
AVerMedia M104 Driver Uninstaller
AVG Free 8.5
Cardbox 3.0
CCleaner (remove only)
Choice Guard
CoffeeCup Free Zip Wizard
Crypt Edit Spell Checker
Defraggler (remove only)
Driver Detective
Error Expert 1.4
EVEREST Home Edition v2.20
filehippo.com Update Checker
Google Chrome
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB954550-v5)
Intel(R) Graphics Media Accelerator Driver
IRISCard 4 Pro
Java(TM) 6 Update 11
Junk Mail filter update
Launch Manager
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PLK
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PLK
Microsoft .NET Framework 3.5 Language Pack SP1 - plk
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.1
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft LifeChat
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Proofing Tools Disc 1
Microsoft Office Excel MUI (Polish) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (Polish) 2007
Microsoft Office PowerPoint MUI (Polish) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Polish) 2007
Microsoft Office Proofing (Polish) 2007
Microsoft Office Shared MUI (Polish) 2007
Microsoft Office Word MUI (Polish) 2007
Microsoft Office XP Standard
Microsoft Silverlight
Microsoft Software Update for Web Folders (Polish) 12
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.5.2)
Mozilla Thunderbird (2.0.0.19)
MSVC80_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia Software Updater
Okapi Rainbow
Orban/Coding Technologies AAC/aacPlus Player Plugin? 1.0
Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 ? PLK
Pakiet sterownik?w systemu Windows - Nokia Modem (10/27/2008 3.9)
Pakiet sterownik?w systemu Windows - Nokia Modem (10/27/2008 7.01.0.1)
Pakiet sterownik?w systemu Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
PC Connectivity Solution
Pdf995
Poprawka dla programu Windows Media Player 11 (KB939683)
Poprawka dla systemu Windows XP (KB952287)
Poprawka dla systemu Windows XP (KB961118)
Ralink Wireless LAN Card
RealPlayer
Realtek High Definition Audio Driver
Rhapsody Player Engine
Słownik języka polskiego PWN
Search Settings 1.2.1
Secunia PSI
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Segoe UI
Sid Meier's Civilization 4 Gold
Sid Meier's Railroads!
Skype? 3.8
SMSC IrCC V5.1.3600.5 SP2
Sony Ericsson PC Suite 4.010.00
SUPERAntiSpyware Free Edition
Synaptics Pointing Device Driver
The New Kosciuszko Foundation Dictionary
Update for 2007 Microsoft Office System (KB967642)
WebFldrs XP
WIDCOMM Bluetooth Software
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinZip 11.1
XML Paper Specification Shared Components Language Pack 1.0
XnView 1.95.4

==== End Of File ===========================

---------------------------
ark.txt:

GMER 1.0.15.15020 [gmer.exe] - http://www.gmer.net
Rootkit scan 2009-08-14 17:50:29
Windows 5.1.2600 Dodatek Service Pack 3


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xAA4DB0B0]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Ark.txt seems far too short. It's certainly missing the data from the initially hiddenn pages to the right of Rootkit/Malware. I can't, though see any way to force recording of this. Please let me know if I'm doing something wrong.

Read other answers
RELEVANCY SCORE 200
Preferred Solution: requests for pages go to api.mybrowserbar.com

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

RELEVANCY SCORE 104.4

On a notebook (XP Home SP3 Polish), on which I've used Firefox for a long time, all attempts to go to e.g. www.xxxxx.com now lead me to api.mybrowserbar.com/gci/errors/......................www.xxxxx.com............... and a "Cannot find the server" error message. Googling on another machine produces alternative suggestions that a) some kind of malware is at work (possibly introduced by pdfcreator, which I've never used) - I've run Malwarebytes' Anti-Malware and SuperAntiSpyware and found and killed one item - or that b) this is something dumped on the machine by Dealio Toolbar, a Yahoo Add-on, which it's easy to install by mistake. I killed Dealio Toolbar and Yahoo Toolbar yesterday, after it had been on the machine, unwanted, for some time. The problem persists. I've uninstalled Firefox and installed a new 3.5.2 downloaded on another computer. No change.

I have no problems of this kind with a desktop, which I've just been told by Malwarebyte's product has lots of malware on it, or with a netbook connected by WiFi to a D-Link router.

Has anybody got any ideas?

A:requests for pages go to api.mybrowserbar.com

It looks like your computer is still infected. Please follow these instructions and start a new thread in the Virus/Trojans/Spyware forum where an analyst will help you as soon as possible.

Read other 1 answers
RELEVANCY SCORE 46

Hi, I'm having the same trouble as the person in this thread. I'm not familiar with either of the programs used to fix theirs. http://forums.techguy.org/virus-oth...76-redirecting-api-mybrowserbar-com-slow.html
 

Read other answers
RELEVANCY SCORE 46

Basically, what happened is that on both Mozilla and IE, any website that I enter on the address bar goes to api.mybrowserbar.com which always finally comes up to "cannot find the page" page. Tried to search this one using another computer and found out that this is malware found when installing pdfcreator from pdfforge.net. This malware comes up as search settings 1.1.2 on the add/remove programs. Have already removed both pdfcreator and search settings 1.1.2 on the add/remove programs but now our laptop is so slow that everytime we use a program, it would definitely process commands so long that the programs will finally be not responding and hang. any suggestions on this? thanks.

A:api.mybrowserbar.com?!

Hello and Welcome to TSF.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

Read other 1 answers
RELEVANCY SCORE 46

When I try to log in to .qxl.no and after I have logged in to finn.no and clicked on a spesific button, My browser try to redirect to

mybrowserbar.com/cgi/errors.cgi?q=http%3A%2F%2Fwww%2Eqxl%2Eno%2FDefault%2FErrorPage%2Easp%3Fsend%3D1&type=dns&ISN=7CA1627A19B94E19BB458D8F564F56B7&ccv=128&cnid=867034&cco=US&ct=8

I have Installed McAfee SecurityCenter which is up to date, I have spybot search & destroy, I have done a scan without any positive matches for my problem described above.

What is the problem here, how can i Fix it ?

A:mybrowserbar.com

Hi,

Please do the following:
Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.Disable any script blocking protection
Double click dds.pif to run the tool.
When done, two DDS.txt's will open.
Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


NEXT



Download GMER Rootkit Scanner from here or here. Extract the contents of the zipped file to desktop.
Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent .
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.


Click the image to enlarge it
In the right panel, you will see several boxes that have been checked. Uncheck the following ... Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and post it in your next reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Read other 8 answers
RELEVANCY SCORE 46

My IE 8.0 has been locked into this website hxxp://api.mybrowserbar...etc No matter what website I try to get to I got the error that page cannot be connected to.
I had been using my DSL's (Frontier) provided home page which was based on Yahoo, but the home page had been changed to an older version that did not use Yahoo. Thinking that a virus or malware had changed my homepage, I changed the Home Page to the "about blank" option. This didn't work either, I still couldn't go to any webpages I wanted to go to and IE was being directed to the same location. At that point I dusted off Firefox and that is what I am using now. Thanks in advance for any help you folks can offer.
DDS (Ver_09-12-01.01) - NTFSx86
Run by Pete at 11:49:13.79 on Sun 01/03/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2559.1677 [GMT -5:00]

AV: CA Anti-Virus *On-access scanning enabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEn... Read more

A:api.mybrowserbar

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers
RELEVANCY SCORE 46

My browser is recently being redirected to api.mybrowserbar.com. I use Chrome. I've checked settings in Chrome and Inet Options and both are set to google - my home page. Yet, the browser continues to open to the above site.
I've run MLB and superspy but they didn't get rid of the problem. Looked in Uninstall for some program called "search settings" but didn't find any. I run windows 7 on a 2012 machine. need help. Thanks.
 

A:api.mybrowserbar.com

Read other 16 answers
RELEVANCY SCORE 45.2

my internet keeps disconnecting and reconnecting every 20 minutes to a hour for a few seconds to a few minutes. i will be contacting my isp later today bc of this problem. i have done a virus and malware scan, used driver checker, used ccleaner and ive checked my cable connections and still having issues. i was wondering if i removed it completely, or maybe i have some more problems? any help would be greatly appreciated, thanks in advance. DDS (Ver_09-12-01.01) - NTFSx86 Run by HP_Owner at 6:26:03.78 on Mon 12/07/2009Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3327.2560 [GMT -6:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}FW: PC Tools Firewall Plus *enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}============== Running Processes ===============C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\TortoiseSVN\bin\TSVNCache.exeC:\Program Files\Common Files\... Read more

A:api.mybrowserbar removal

issue sloved after contacting my isp.

Read other 2 answers
RELEVANCY SCORE 45.2

I'll be going to any particular site...and get redirected to the following, see image:Here the HiJack this log...I've screwed up a PC or too trying this myself so I figured maybe someone out there can make a little more sense of what's going on here.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:15:51 PM, on 11/14/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16915)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Cisco Systems\VPN Client\cvpnd.exeC:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exeC:\Program Files\Input Director\IDWinService.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Input Director\InputDirectorSessionHelper.exeC:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exeC:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\wbem\wmiapsrv.exeC:\Program Files\Citrix... Read more

A:MyBrowserBar 404 Error

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No input is needed, the scan is running.Notepad will open with the results.Follo... Read more

Read other 2 answers
RELEVANCY SCORE 45.2

I'm not that computer or tech savvy so I apologize in advance. Every time I open FF the same message comes up every time saying it can't connect to the server. I try to reload the page and yet instead of loading my homepage it says api.mybrowserbar can't load at this time. So I tried opening up other pages as well and all would send me to that message.

I did a small amount of research on the forum and found this thread (www.bleepingcomputer.com/forums/index.php?showtopic=254412&hl=mybrowser) and tried it and have the log I'm just not sure how to post it. Any help would be appreciated.

A:api.mybrowserbar problem

Do not...use someone else's malware thread...to attempt to correct your own system, please.

I will move this thread to our Am I Infected forum, for proper guidance.

Louis

Read other 2 answers
RELEVANCY SCORE 45.2

Hi,
A friend had my Sony VAIO and returned it with some janky malware that keeps redirecting my browser. I am including HJT log.
Thanks,
Liz

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:02:51 PM, on 2/25/2013
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16464)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\FABULIZ\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Window... Read more

A:api.mybrowserbar.com redirect + HJT log

Ok here are the files... sorry about that. Used to the rules on a different site.


DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 9.0.8112.16464
Run by FABULIZ at 18:19:58 on 2013-02-25
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3758.2822 [GMT -8:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://www.google.c... Read more

Read other 1 answers
RELEVANCY SCORE 45.2

HiSince some time , when a webpage doesn't exist , a new adres comes in my brower bar (firefox) which starts with:"http://www.mybrowserbar.com/....."I thins it comes from a Yahoo toolbar which was installed with another program (I don't remeber).It seems to me that this problem also is connected with a software in my software list with the name "search settings 1.2.2". It is impossible to uninstall this software.Anyone who know's what's happening???Here some info from rootrepeal en hijackthis...Many thanx!!ROOTREPEAL © AD, 2007-2009==================================================Scan Start Time: 2009/10/03 14:43Program Version: Version 1.3.5.0Windows Version: Windows XP SP2==================================================Drivers-------------------Name: rootrepeal.sysImage Path: C:\WINDOWS\system32\drivers\rootrepeal.sysAddress: 0xBA12F000 Size: 49152 File Visible: No Signed: -Status: -Name: srescan.sysImage Path: srescan.sysAddress: 0xF8347000 Size: 81920 File Visible: No Signed: -Status: -Hidden/Locked Files-------------------Path: C:\hiberfil.sysStatus: Locked to the Windows API!Path: c:\program files\weatherlink\ellezell\uploadlist.txtStatus: Size mismatch (API: 0, Raw: 4937)SSDT-------------------#: 025 Function Name: NtCloseStatus: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf42e66b8#: 031 Function Name: NtConnectPortStatus: Hooked by &... Read more

A:"mybrowserbar" problem

Hi,

Sorry for delayed response. Forums have been really busy. If you still need help with this post a fresh dds log, please.

Read other 2 answers
RELEVANCY SCORE 45.2

hi there. this is my first post. i have read  Before You Post About A Problem.
 
i believe that my problem is similar to this recent thread:
 
Browser lookups fail to api.mybrowserbar.com... is this an infection?
Started by CoastalData , Feb 05 2013 05:16 PM
 
this is an example of what happens under the same conditions as Coastal Data outlined:
 
http://api.mybrowserbar.com/cgi/errors.cgi?ct=15&type=dns&ccv=158&q=http://criticalcare.utoronto.ca/
 
my operating system is windows 7. my antivirus antivir and my firewall is online armour. chrome is my default browser (i also use opera).
 
given that every situation is unique i'm not sure to what extent i should follow the advice of that thread. i should add that i have made no attempt thus far to deal with this issue.
 
thanks in advance.
 
phil
 
 
 
 
 
 
 
 
 
 

A:Another api.mybrowserbar.com Problem

Please download TDSSKiller from here and save it to your DesktopDoubleclick on TDSSKiller.exe to run the application, then click on Change parameters


Check Loaded Modules  and Detect TDLFS file system.  Do not check Verify file digital signatures (even though it is checked in the example)If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now


Click Start Scan and allow the scan process to run

If threats are detected select Skip for all of them unless I instruct you otherwiseClick Continue


Click Reboot computerPlease post the contents of  TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)in your reply===================================================aswMBR--------------------Download aswMBR and save it to your desktop.
Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.If you need help to disable your protection programs see here and here.Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.

When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.

Please post the contents of the log in your next reply.NOTE:  aswMBR will create M... Read more

Read other 8 answers
RELEVANCY SCORE 44.4

Randomly when I am browsing the internet the web page will not load and instead I will be redirected to a page named api.mybrowserbar.com and say I have a 404 error. My internet has also been strangely slow lately. I have attached my Hijack This log.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:24:12 PM, on 8/31/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal

Running processes:
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Users\Andrew Stake\AppData\Local\Akamai\netsession_win.exe
C:\Users\Andrew Stake\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Norton Security Suite\Engine\6.3.0.14\ccSvcHst.exe
C:\Program Files (x86)\STOPzilla!\STOPzilla.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Users\Andrew Stake\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andrew Stake\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andrew Stake\AppData\Local\Google\Chrome\... Read more

A:Redirecting to api.mybrowserbar.com and Slow internet

Read other 9 answers
RELEVANCY SCORE 44.4

Keep getting alot of mybrowserbar redirects in firefox. My computer also seems slow in general.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:25:58 PM, on 2/20/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lxdncoms.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\WINDOWS\SOUNDMA... Read more

A:Mybrowserbar and slow computer in general.

Read other 16 answers
RELEVANCY SCORE 44.4

Malwarebytes doesn't recognize a problem....(updated today)when I try to go to a site (that I CAN reach with IE, that page loads....a few seconds later the page is redirected with the mssg that the the page cant load..has 'sponsored links' listed below.EDIT: Moved from Web Browsing to more appropriate Am I Infected forum ~ Hamluis.

A:Firefox hijacked by 'mybrowserbar.com' redirector

Hi, let's try it this way..>>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.Next run ATF and SAS: If you cannot access Safe Mode,run in normal ,but let me know.Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".From your regular user account..Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..DO NOT run yet.Open SUPER from icon and install and Update itUnder Scanner Options make sure the following are checked (leave all others unchecked):Close browsers before scanning.Scan for tracking cookies.Terminate memory threats before quarantining.Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.Now reboot into Safe Mode: How to enter safe mode(XP)Using the F8 MethodRestart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode using the arrow keys. Then press enter on your keyboard to boot into Safe Mode. Double-click ATF-Cleaner.exe to run the program.Under Main "Select Files to Delete" choose: Select All.Click the Empty Selected ... Read more

Read other 3 answers
RELEVANCY SCORE 44.4

Hello. When a DNS can not be resolved my computer tires to contact api.mybrowserbar.com (in firefox) also (it is not in the hosts file) I have also run scans with spybot and Adaware. Also Something allways changed my search back to yahoo despite my system trying to stop it.Here is my hijackthis log. Thank youLogfile of Trend Micro HijackThis v2.0.2Scan saved at 10:14:18 AM, on 10/6/2009Platform: Windows Vista SP2 (WinNT 6.00.1906)MSIE: Internet Explorer v8.00 (8.00.6001.18813)Boot mode: NormalRunning processes:C:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\system32\taskeng.exeC:\Program Files\Windows Defender\MSASCui.exeC:\Windows\RtHDVCpl.exeC:\Program Files\Launch Manager\LManager.exeC:\Program Files\Apoint2K\Apoint.exeC:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exeC:\Program Files\McAfee\VirusScan Enterprise\shstat.exeC:\Program Files\McAfee\Common Framework\UdaterUI.exeC:\Windows\system32\igfxsrvc.exeC:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\Program Files\Apoint2K\ApMsgFwd.exeC:\Program Files\McAfee\Common Framework\McTray.exeC:\Windows\WindowsMobile\wmdSync.exeC:\Program Files\Java\j... Read more

A:api.mybrowserbar.com and yahoo hikacking search bar

Yeah I cant see issue source either.

Read other 4 answers
RELEVANCY SCORE 44.4

I have been redirected to mybrowserbar and websitesurvey.com for the past 2 weeks. I am also, as of today's investigations, unable to complete a system restore. I do have a copy of a windows xp disc, so if needs be, I can tear down and reinstall. Obviously, I'd like to avoid that....
I have run antimalware programs to no avail. I have no additional information about my problem.

DDS (Ver_09-12-01.01) - NTFSx86
Run by User at 23:42:58.50 on Tue 01/05/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.865 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\sv... Read more

A:Browser redirect, websitesurvey.com and mybrowserbar.com

Hello, and Welcome to TSF.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

---------------------------------------------------------------------------------------------

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Place combofix.exe on your Desktop
Disable your AntiVirus and AntiSpyware applications,... Read more

Read other 6 answers
RELEVANCY SCORE 44

Hello,

Anytime a chrome lookup fails, I get redirected to some crappy page at api.mybrowserbar.com. I've scanned with MS Security essentials, and took a quick look with hijackthis, but didn't see it there.

Could somebody please help me?

Thanks in advance,

--Jon

A:Browser lookups fail to api.mybrowserbar.com... is this an infection?

DownloadTDSSkillerLaunch it.Click on change parameters-Select TDLFS file systemClick on "Scan".Please post the LOG report(log file should be in your C drive) Do not change the default options on scan resultsDownloadaswMBRLaunch it, allow it to download latest Avast! virus definitionsClick the "Scan" button to start scan.After scan finishes,click on Save logPost the log results here.If you get crashes in normal mode,run it in safemode with networkingDownloadESET online scannerInstall itClick on START,it should download the virus definitionsWhen scan gets completed,click on LIST of found threatsExport the list to desktop,copy the contents of the text file in your reply

Read other 14 answers
RELEVANCY SCORE 43.2

Hi, thank you in advance for taking a look at this. My PC has been running a little slower than usual and when I get an error in Chrome trying to load a website I get redirected to the following site: http://api.mybrowserbar.com which from what i've read it sounds like it could be malware. I ran malware bytes but that didn't find anything. My PC has been running slower than normal and accessing my NAS has also been slower. When I try to stream a movie from the NAS on my PC it is slow and choppy. However when I stream it on my BluRay player it plays fine. If you need any other info please let me know. Any help would be very much appreciated!
 
 
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 8.0.7600.16385  BrowserJavaVersion: 10.17.2
Run by Ted at 13:47:24 on 2013-04-04
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.7935.4887 [GMT -4:00]
.
AV: Kaspersky PURE *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky PURE *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
FW: Kaspersky PURE *Enabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\S... Read more

A:getting http://api.mybrowserbar.com page and PC running slow at times

Hello murfeezlaw I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the sam... Read more

Read other 8 answers
RELEVANCY SCORE 42.4

Hey guys my browsers keep on redirecting me to these two.
Can you help me out
I already used malware-bytes
And eset-online scanner I think I need more help.
Okay have a nice one goodb ye

A:http://search.yahoo.com/?type=994519&fr=spigot-yhp-ff and api.mybrowserbar.error

Hello grungegrunge and Welcome -
We have found that spigot is now downloaded with IObit programs secretly.
 
Are you aware of having any IObit programs, like Advanced System Care and others installed ??
If you do have these installed, please remove them and use their uninstaller program.
 
Now try to Reset your home page(s) to what they were.
 
If you still have problems start with avast! cleanup tool to remove their toolbar.
 
Now - Download Autoruns to your desktop
Double click on Autoruns exe.
Allow the program to fully populate (this will take a few minutes)
Go > File > Save > Save as Autoruns.txt > File Type > All Files
Save to Desktop
Copy and Paste the Autoruns.txt back here
 
From here I can help you delete any remaining entry that may cause problems -
 
Thank You -

Read other 1 answers
RELEVANCY SCORE 36.4

i cannot enter captcha on any site as i cant see it for some reason i have attached few images which shows the cause of my problem.i have scanned my pc with multiple antivirus but nothing found."]3rd image is tested using Ubuntu but of no use. hope some one can help me as i found no solution for my problem which is causing problems in registering on various sites.i can enter captcha on very few sites eg. - YouTube.but it also says too many request from my network.thank you.

A:too many requests but from where??? help!!!!!!!

Hmm, have you tried clearing you cache?

Read other 4 answers
RELEVANCY SCORE 36.4

I don't know if this should go here or elsewhere but I am attempting to find a new gamertag for my xbox profile on the xbox.com account management page. After I make 20 or so checks for availability an error shows up below the input field saying an unexpected
error has occurred. This message does not stop showing up unless I wait a couple days which makes finding a new name very difficult. Am I being blocked by the server or is this another issue?

Read other answers
RELEVANCY SCORE 36

pl plllllllllllllllllll help
its urgent as my windows is showing stop screen error
i hav done antispyware scanning an then it asked for reboot i said yes an wen i started da windows its saying multiple irp requests
i cant even uninstall antispyware in safe mode as it is sayind windows installer is not proper pl reply soon..........

A:multiple irp requests

Hello and Welcome to TSF

You should have been patient and let the security team in the Hijackthis forum help you remove your infection, improper removal has caused your issue.

Use System Restore to a previous date to see if you can at least access windows in normal mode, then Look over the First Steps at Removing Malware and post the logs requested in the thread you started over in the Hijackthis forum.

Read other 1 answers
RELEVANCY SCORE 36

I certainly appreciate your position. Indeed you are correct that I originally posted a request for assistance on another forum. After getting a reply from another user on that forum and nothing from the moderators for 2 days I decided to post on your site/forum...thinking that the user reply had suggested to the moderators on the other site that I was already receiving assistance.I have since received a request for my HJT log and info files from the other site so I will rely on them for assistance, My apologies for any confusion this may have caused. It was not my intent. More it was my misunderstanding of how these forums work.Thank you again and again, my apologies for duplicate postings. It was not my intent to over-tax either forum. I was simply getting impatient and after some reading thought erroneously that the user reply to my original post suggested to them that I was already receiving assistance when I was not.

A:Multiple Requests for help

This thread will now be closed since the issue seems to be resolved.If you need this topic reopened, please send a Private Message to any one of the moderating team member or myself. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.

Read other 1 answers
RELEVANCY SCORE 36

I set up family safety for my 12 year old daughter, and ticked all the apps she can use freely. Every time she logs on the computer it pops up little messages telling her to request permission to use all the apps that I didn't give her access to. It's very annoying, so how do I stop it, other than the obvious but unhelpful step of letting her access everything?

A:Permission requests

Hello Andy, and welcome to Eight Forums.

The apps that are checked are the ones that are blocked instead. Only the unchecked ones are allowed.
Family Safety App Restrictions - Set and Manage in Windows 8
When you get a request to allow an app and either allow or block it as per the tutorial below, you and the user should not see the messages for that app anymore.

Family Safety Requests - Send and View in Windows 8
Hope this helps for now,
Shawn

Read other 1 answers
RELEVANCY SCORE 36

O2 - BHO: (no name) - {cd6caa5d-7035-43dc-abea-a89090a098fd} - C:\WINDOWS\system32\boheyuje.dll
O4 - HKLM\..\Run: [kagizoriha] Rundll32.exe "C:\WINDOWS\system32\kuririme.dll",s
O20 - AppInit_DLLs: C:\WINDOWS\system32\rirebuva.dll

The above lines from hijackthis seems suspicious and is persistent (returns after deletion). I think they are linked to the problem I am having with kasperski detecting requests to get to the address 77.74.48.105 to download what it thinks is malware from programs IE and win 32 services. It may even be causing my IE7 to not function once opened (currently using firefox).

A:PC slowdown; requests to 77.74.48.105

Howdy, my name is Hoov, and I will be helping you with your dilemma. I appologize for the delay in getting you help.Please make sure you watch this thread for responses. If you click the options tab at the top of your first post, you can select to track this thread. Here is what I am asking you to do during the repair of your computer*Tell me everything that you have done, if anything, to try and fix this problem.*Please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out thier hair.*Follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go. Don't install anything, even other programs that have nothing to do with security or malware, it could cause things to change, and I would never know it. *Have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try. *Stick with me to the end. My aim is to fix your problems, and give you the tools and knowledge to keep this from happening again.Now onto trying to fix your computer.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, f... Read more

Read other 3 answers
RELEVANCY SCORE 36

Hello I am looking forward to an updated P72!! Some features I would like to see added vs P71: HDMI 2.0a support and DP 1.44k touchscreen option and a precision stylusTablet mode like the yoga hasHDR optionGsync external and LCD variable refreshUHD optical drive option10GB Ethernet or the interim 2.5/5Gb would be fineLatest WiFi standard .axtitanium to reduce the weightintel real3d camaracamera mechanical cover

A:P72 and features requests

Agree with all suggestions. Hoping for pen digitizer support mostly as I have the P51 version with digitizer presently.

Read other 8 answers
RELEVANCY SCORE 36

It's time for me to replace my old HP 200LX, and I can't seem to find a PDA that is suitable. Here are my search criteria:

I am 50 & my eyes aren't as good as they used to be.
I need a decent sized display (Palm Pilot types are
too tiny).

Besides the usual PDA (calendar, contacts, etc.), I want
to be able to run some Excel spreadsheets. My spread-
sheets can be robust, so I prefer a landscape display,
not the portrait shape of Palm Pilot type PDAs). Bonus
points for syncing up with my Quicken on my PC.

Connecting & syncing with my Windows PC is a good
idea. This device should augment my PC, not replace it.
(I do use MS Outlook).

My handwriting is horrible -- I need a keyboard, but
the keyboard can be small -- I don't mind hunting &
pecking on the PDA. I also don't mind navigating with
arrow keys.

Ideally, I'd like something about the size of a paperback book. I don't want a full sized laptop -- laptops are a bit big & too expensive. Finally, it would be nice if the device had modern conveniences, like ability to play MP3 files, surf the net, play some basic games, etc. I also wouldn't exclude from consideration any PDA / cell phone combination (although I don't have/use a cell phone yet).

Thanks in advance.run some Excel spreadsheets
 

A:PDA Recommendation Requests

Read other 6 answers
RELEVANCY SCORE 36

this keeps coming up day in day out and it's getting o be a pain

pic of IRQ's from device manager attached

is there a fault/issue with any?
 

A:Multiple IRQ Requests

This May Help
http://forum.notebookreview.com/showthread.php?t=54401
 

Read other 1 answers
RELEVANCY SCORE 36

Please read this carefully before posting.
The idea:
This thread is meant to collect user's request of new features to add to Windows 7, or to bring back features that were taken out since XP / Vista, and are sorely missed.
The idea is to create a list that MS might want to take a look at.
For this to have a chance, we need to keep the thread clean, and free of unnecessary comments and discussions.
So we need a set of rules.
The rules:


   Information

1. No rants, no debates or discussions, no personal comments, no reactions to other posters, no MS bashing, period!

2. Maximum of 10 lines. So make sure your post is clear and to the point.
One or two words more won't matter, but don't push your luck.

3. Posting of screenshots is allowed to clarify your point.

4. No utopian requests, keep it reasonable.

5. Double posts and posts with features already requested by others will be deleted.

6. Adding a reason why you want it is allowed, but remember the 10 line rule.

7. If a user posts a problem that can be fixed, no help allowed other than saying poster should open a thread about his problem.


   Warning

Not complying with these simple rules, will get your post removed.


   Information

1. Please examine the list to see if your request is already there.

2. Please think about what you're requesting is a good thing for less knowledgeable users.
Example: Making editing the context menu easier, could lead to u... Read more

A:Requests to Microsoft.

A small (IMO not needed) but greatly requested feature reinstated. Put back the wireless icon activity in the tray of the Superbar

Read other 9 answers
RELEVANCY SCORE 36

I'm a programmer, and installed wireshark on my xp machine to do some tcp/ip work. I noticed, even with no programs running I get a constant stream of dns requests to my routers ip.

the requests look like this:
46189 3959.607565 192.168.2.2 192.168.2.1 DNS Standard query PTR 4.160.15.219.in-addr.arpa

46247 3991.834562 192.168.2.2 192.168.2.1 DNS Standard query PTR 210.168.161.188.in-addr.arpa

46201 3972.852314 192.168.2.2 192.168.2.1 DNS Standard query PTR 20.71.103.82.in-addr.arpa

and the responses look like this:
46212 3985.801191 192.168.2.1 192.168.2.2 DNS Standard query response PTR WL.hsd1.fl.comcast.net

46206 3980.680231 192.168.2.1 192.168.2.2 DNS Standard query response PTR pool-173-67-9-33.bltmmd.fios.verizon.net

46199 3968.951943 192.168.2.1 192.168.2.2 DNS Standard query response PTR c-75-70-255-177.hsd1.co.comcast.net

From what I can gather, the requests all look like home isps. There also seems to be a lot of foreign countries like .br and .jp a lot. Has anyone seen anything like this before?
 

A:weird dns requests

welcome to TSG

have you googled all those names? there seems to be no warnings about them
 

Read other 1 answers
RELEVANCY SCORE 36

The network that I am currently trying to patch up is peer to peer with about 20 machines (win 98 and nt workstation). The company is not willing to switch to a server based configuration at this point. However I am trying to do as much centralized administration as possible.
I want to be able to view the connections (net watcher) to any given computer on the network from one 98 machine. It was easy to set this up on all of the 98 machines, how can I view this information on the nt boxes from the 98 machine. When I try to access the nt machines with net watcher it tells me that the computer does not accept remote requests. If this is not possible can you tell me how to view this information on all of the nt boxes from one nt box.

Thanks,
Monty
 

Read other answers
RELEVANCY SCORE 36

Is there a place that we can leave feedback or requests for the ATA product?

There are a few things i would like to see changed.  

1.  Alerting
We get alerts during backup windows that the ATA cant keep up but it doesn't seem to have anything to do with CPU or RAM.  In addition, we have no users in the system at that time so i find it very hard to believe
that this is true.  I would like to set time windows where we can exclude these alerts or maybe thresholds where if it is seeing that for 5 minutes, 10 minutes etc.
2.  Email Audience
I would like to be able to say these types of emails go to this distribution list and those go to another so that we keep the number of alerts the team gets down a bit.  
3.  Suspicious Activity
When we get an alert warning of suspicious activity and click the link to take a look, the first thing you have to do is answer whether it is normal or not, but we cant click the link to see the suspicious activity unless
we open the excel file in the email.  This should be adjusted.  

Read other answers
RELEVANCY SCORE 36

hello mates... i am facing problwm from few days back that when i send request then i get a message i forgot.. can any one plz help me?

A:MSN requests problem

plz help me frieds..

Read other 2 answers
RELEVANCY SCORE 36

Hi there all,

I am using a Vodafone 3G Modem om my pc, however I cant send receive USSD commands .. is the software that you can direct me towards that I can use. I am using the Cell C Network in South Africa. I have searched on the net and most of the stuff I find simply doesnt work. If possible could someone assist me wit this request? Just a nice & simple interface that actualy works.
Kind regards

Read other answers
RELEVANCY SCORE 36

I suspect some kind of phishing bug but I am not sure what might cause this issue.
In the 17 years since I started using a computer I have gotten only a few requests to log into the server when I opened my email client. It has been more than a decade since I saw one.
In mid October this happened randomly and I ignored it. Instead I opened my properties folder and checked each tab and closed it. Then I was able to get my email.
After that I think the next day maybe a couple of days later it came back only this time it wouldn't let me get my email when I checked the properties. I ran an MSE scan and it seemed to fix the problem.
Then a week later the same thing happened. This time checking properties and doing an MSE scan had no effect. I was able to send a test email but I did not receive it. I ran an ESET online scan. This seemed to "fix" whatever was causing the log in request. Since about 28 Oct until today there was nothing then this morning it has come up again with a twist; When I check the properties folder my user name and password lines were blank!
I am running an MSE scan and ESET is on deck to run right after. I feel like I am getting a bug from somewhere that is raising a false need to log in so that my password can be gotten. IDK ?????
 

A:Suspicious log in requests

Read other 7 answers
RELEVANCY SCORE 36

Well, when I installed IE8, it requested to run add-ons on websites:On some web-sites I ran this add-ons:but, when I run add-ons IE displays Security Warning:I have already installed Adobe Flash Player 10 ActiveX and Adobe flash player plugin, but I think one of them is Opera's Which of them should I run? Run add-on on each website or run add-ons on all websites?

A:IE 8 requests to run add-ons on websites

You can safely run Adobe flash player. That warning is just to let you know that this add-on was already there and asks you to confirm that you want to run it.
Its up to you if you want to decide for every site apart with flash-content if you want to run it or if you want to enable it for all sites. Its no security risk to allow it for all sites.

Read other 5 answers
RELEVANCY SCORE 35.6

So earlier today I noticed there was some issue with a lot of pages load pages loading up for me. FOR EXAMPLE.... A lot of pictures (not all)
Appear distorted like so:
 
 
http://s12.postimg.org/mj142vz8c/distort.jpg
 
In this other image you can see a page loading the HTML code
 
http://s23.postimg.org/4mclb103u/ditort_2.jpg
 
In an attempt to work this out myself, I updated my java and adobe flash shockwave to it's newest settings. But yeah.... this is where I'm at. Any help would be awesome.
I don't think this is a graphic card issue, as this is actually happening on all my computers.
 
I'm using the most current up to date firefox.

Read other answers
RELEVANCY SCORE 35.6

Hi,
 
I appear to be having trouble with my firefox browser.
 
My operating system is Windows 8.1. I have an Acer Aspire V3-772G which I bought some 18 months ago.
 
System details:
 
Processor: Intel® Core i7-4202MQ 2.2GHz with Turbo Boost up to 3.2GHz
Installed Memory (RAM) 16.00 GB DDR3 L Memory
System  type: 64-bit Operating, x64- based processor
 
A few days ago my firefox browser, which for no apparent reason at all, just seemed to slow to a stupendously very slow loading of pages. I had recently just been working on an issue in which I posted a thread regarding whether there was a possible virus/malware after google chrome terminated with the following message from Hitman Pro Alert:
 
 
Attack Intercepted
'Google Chrome 49' has been terminated to prevent execution of malicious code. Please check your computer for malware and software updates
 
As it happened, it appeared to be because of a conflict somewhere in the Google Chrome, Trusteer Rapport and Hitman Pro Alert combination, and so the only way was to change the settings on Hitman Pro Alert as advised and shown in my thread:
 
http://www.bleepingcomputer.com/forums/t/611273/possible-virus-or-malaware/
 
However, there was no malware or virus detected by my own Avast or Malwareware bytes tools, and the tools used as instructed in the thread also showed my system to have none. Also, google chrome works fine, and my computer has not slowed in any way. My fir... Read more

A:Firefox browser issue. Really slow loading pages, and glitchy scrolling of pages

Sorry if I missed it, did you earlier, during the uninstall and reinstall of Firefox, clear Firefox's cache files, not any other files, just the cache files?

Read other 6 answers
RELEVANCY SCORE 35.6

I have this blue screen problem!!.. I can't format my machine and my current software is Vista.. But I tried to load XP, when starting to load after pre-loading, I took this blue screen alert!!.. How can I format my machine? HELP ME PLS!!

Read other answers
RELEVANCY SCORE 35.6

I had a virus on Windows 7 and norton removed it. Now, when I type mozilla.org in the URL bar I get redirected to another site. This is quite annoying. The only place I know to check for this is in the hosts file but it seems benign. Please help. Thank You.I tried running gmer but I keep receiving errors when it runs so I'm posting what I have. Below are the hijack this log and dds log. The attach.txt is attached.The viruses/problems that Norton Removed have been: SpywareGuard200842441975-585950advmain.class78d6980a-35b72d9dvmain.classDWH2D74.tmp---------------------------------------HijackThis log:Logfile of Trend Micro HijackThis v2.0.4Scan saved at 10:27:30 AM, on 8/4/2010Platform: Windows 7 (WinNT 6.00.3504)MSIE: Internet Explorer v8.00 (8.00.7600.16385)Boot mode: NormalRunning processes:C:\Windows\system32\taskhost.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files\Symantec AntiVirus\VPTray.exeC:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exeC:\Program Files\TortoiseSVN\bin\TSVNCache.exeC:\Program Files\Microsoft Office\Office12\OUTLOOK.EXEC:\Program Files\MagicDisc\MagicDisc.exeC:\Program Files\Microsoft Office\Office12\EXCEL.EXEC:\Program Files\Microsoft Office\Office12\EXCEL.EXEC:\P... Read more

A:Firefox redirecting my url requests

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.Download OTL to your desktop.Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.When the window appears, underneath Output at the top change it to Minimal Output.Under the Standard Registry box change it to All.Check the boxes beside LOP Check and Purity Check.Click the Run Scan button. Do not change any settings unless otherwise told to do so. The... Read more

Read other 2 answers
RELEVANCY SCORE 35.6

Hey Guys,

Just wondering if anybody could help me out with this issue I am having. In Outlook is there a way to CC: people on a task request assigned to someone else without assigning the task to the people on the CC: list? Been trying to locate a way to do this without any success. Thanks again guys

Norton
 

Read other answers
RELEVANCY SCORE 35.6

I thought we had cleaned up all the keylogger spyware from the ex-boyfriend but it's all started again. Even my stored password accounts are asking for a password 2 or 3 times. Very unusual. I didn't open email with attachments either. Logfile of Trend Micro HijackThis v2.0.2Scan saved at 3:54:15 PM, on 9/9/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\LogMeIn\x86\RaMaint.exeC:\Program Files\LogMeIn\x86\LogMeIn.exeC:\Program Files\LogMeIn\x86\LMIGuardian.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Mozy\mozybackup.exeC:\Program Files\Mi... Read more

A:Mulitiple Password Requests

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please reply to this topic stating that you still need help and I will work with you on resolving your computer problems. If your problem has been resolved, please post a reply letting us know so we can close your topic.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

Once again, I apologize for the delay in responding to this topic.

Read other 1 answers
RELEVANCY SCORE 35.6

Hi Friends,in my LAN i have 9 laptops, OS installed on them are: 2 Windows 71 Windows vistarest have XP professional.all are getting internet connection and IP address from a SMC router.the problem is that i am getting continous ARP request from vista PC, and request for unknown IP address not in my network.No.     Time        Source                Destination           Protocol Info      1 0.000000    HonHaiPr_30:6d:7c     Broadcast             ARP      Who has 172.16.1.10?  Tell 172.16.1.105      2 0.621020    HonHaiPr_30:6d:7c     Broadcast             ARP      Who has 172.16.1.222?  Tell 172.16.1.105      3 0.625947    HonHaiPr_30:6d:7c     Broadcast             ARP      Who has 172.16.1.69?  Tell 172.16.1.105      4 0.626831    HonHaiPr_30:6d:7c     Broadcast     &... Read more

A:Getting continous ARP requests from a single PC

More than likely you had old network printers , or a printer, that had been configured at IPs that were no longer valid. Deleting the old printers and/or copies of printers will fix it.
When I discovered a computer on our network doing this I came across this forum, and therefore your post, which gave me the idea to check the guys printer list. Two old copies of the downstairs printer were still there, both with pending prints showing.
Checking the ports on each showed the two IP address the machine had been sending out packets for.
 
I know this is an old post, but.... someone else might come along later with the same problem.

Read other 23 answers
RELEVANCY SCORE 35.6

im having a problem with someone who is using a program named "netcut" that uses arp protocol to fool the gateway and other connected devices with a fake MAC addresses. this causes to disconnect the fooled devices from the network.

im thinking now of a solution for the problem. as far as i know that arp requests connot be blocked by firewall application. is there a way to block the arp and use only static arp entries instead of dynamic. i want a practical solution to this problem.
thank you
 

A:how to disable arp requests in my network ?

any ideas ?
 

Read other 2 answers