Api.browswerbar.com - redirection problem

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by FunkyTomo, Sep 21, 2012.

  1. FunkyTomo

    FunkyTomo Private E-2

    Hello Geeks,


    For a while now this laptop has been terribly slow. I have already removed all crapware via a crapware remover downloaded from here :). That has freed up a lot of memory and also got rid of another problem I had of being unable to download any exe files from the internet (solved in the software forum, thank you, you guys are great!)



    So, my new problem is I only use Google Chrome; sometimes it works fine, but quite often I'm redirected to "mybrowserbar.com" and I also get "dns" error messages on Google. Very annoying!

    I've also noticed that sometimes the Windows system processes in the Task Manager are using 400000 units of memory; that doesn't look right to me and I wonder if it might be related to the browser hijack issue.


    First of all I have been through all the steps in the "Read Me First" section and the "Vista Malware Removal Guide" as well as "Fixing Google Redirection" (e.g. disable User Account Control, disabled antivirus, disabled firewall, flush DNS cache, run CCleaner etc.).

    I've installed TDSSKiller, Malwarebytes, MGTools, RogueKiller, Panda Cloud Cleaner. I am not in a position to install HitmanPro as it's not freeware and I do not have the funds to pay (hard times :()

    TDSSKiller came up clean - log attached

    Malwarebytes is coming up clean - log attached.

    Panda Cloud (malware) Cleaner and Panda antivirus scan are both coming up clean. - Unsure which is the correct log for the Panda Cloud Cleaner... I found 2 possible logs in the program folder; I have attached the one that looks like it's the right one - Pcloudcleaner.logtxt (I hope so). The other one was called "mylog.txt", which I can send if the above is incorrect?

    RogueKiller has found several dodgy items by the looks of it - it's the only program that has found anything! - log attached

    MGTools run and logged also; looks like it has picked up some "suspicious processes"
     

    Attached Files:

  2. thisisu

    thisisu Malware Consultant

    HitmanPro is free to scan.
    Please scan and attach the log from HitmanPro.

    From Programs and Features (via Control Panel), please uninstall the below:
    • Java(TM) 6 Update 20
    • Java(TM) 6 Update 6

    __

    Please download OTL by OldTimer.

    • Save it to your desktop.
    • Right mouse click on the OTL icon on your desktop and select Run as Administrator
    • Check the "Scan All Users" checkbox.
    • Check the "Standard Output".
    • Change the setting of "Drivers" and "Services" to "All"
    • Copy the text in the code box below and paste it into the Custom Scans/Fixes text-field.
      Code:
      activex
      netsvcs
      
    • Now click the Run Scan button.
    • One report will be created:
      • OTL.txt <-- Will be opened
    • Attach OTL.txt to your next message. (How to attach)
     
  3. FunkyTomo

    FunkyTomo Private E-2

    Thanks!! I never realised that HitmanPro had a free option.

    Doing that now, and getting rid of Java and running OTL

    Will report back with logs ASAP
     
  4. FunkyTomo

    FunkyTomo Private E-2

    Java removed.

    HitmanPro and OTL logs attached
     

    Attached Files:

  5. thisisu

    thisisu Malware Consultant

    Fix items using OTL by OldTimer

    Double-click OTL.exe to run. (Vista/7 right-click and select Run as Administrator)
    Shut down your protection software now (antivirus, antispyware...etc) to avoid possible conflicts.
    Copy the text in the code box below and paste it into the Custom Scans/Fixes text-field.
    Code:
    :otl
    IE - HKU\S-1-5-21-2090044734-4024905540-2670340891-1004\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - No CLSID value found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
    O3 - HKU\S-1-5-21-2090044734-4024905540-2670340891-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    SRV - File not found [Auto | Stopped] -- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
    SRV - File not found [Auto | Stopped] -- C:\Users\crystal\AppData\Local\Temp\016843~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -- (0168431279576795mcinstcleanup)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
    :commands
    [clearallrestorepoints]
    [emptytemp]
    
    Now click the Run Fix button.
    If the fix needed a reboot please do it.
    Click the OK button (upon reboot).
    When OTL is finished, Notepad will open. Close Notepad.
    A log file will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
    Attach this log to your next message. (How to attach)
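    As an added example (not part of the thread or of OTL itself), a small Python filter that picks the orphaned entries out of OTL log lines: the "No CLSID value found" COM entries and the "File not found" services/drivers that the fix script above removes. The sample lines are taken from the script above plus two constructed healthy entries that the filter should leave alone; the extra flag for services registered under a user's Temp folder is an assumption of this example, not something OTL reports.

    ```python
    import re
    from typing import Dict, List

    # Constructed sample in the style of OTL output. The first six lines are copied
    # from the fix script in the thread; the last two are healthy entries made up
    # here (fictional BHO, and a Windows Update-style service line) so the filter
    # has something to leave alone.
    SAMPLE_OTL = r"""
    IE - HKU\S-1-5-21-2090044734-4024905540-2670340891-1004\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - No CLSID value found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
    SRV - File not found [Auto | Stopped] -- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
    SRV - File not found [Auto | Stopped] -- C:\Users\crystal\AppData\Local\Temp\016843~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -- (0168431279576795mcinstcleanup)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    O2 - BHO: (Example Helper) - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll (Example Corp)
    SRV - [2012/09/21 10:00:00 | 000,027,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\svchost.exe -- (wuauserv)
    """

    GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
    # SRV/DRV line whose image file OTL could not find: flags, image path, service name
    MISSING_RE = re.compile(
        r"^(SRV|DRV) - File not found \[(?P<flags>[^\]]+)\] -- (?P<path>.+?) -- \((?P<name>[^)]+)\)\s*$"
    )

    def triage_otl(text: str) -> List[Dict[str, str]]:
        """Return one finding per OTL line that is an orphaned entry: a BHO, toolbar
        or URLSearchHook whose CLSID no longer resolves, or a service/driver whose
        image file is missing. Healthy lines produce no finding."""
        findings = []
        for line in text.splitlines():
            line = line.strip()
            if not line:
                continue
            kind = line.split(" - ", 1)[0]          # IE, O2, O3, SRV, DRV, ...
            if "No CLSID value found" in line:
                m = GUID_RE.search(line)
                findings.append({"kind": kind, "id": m.group(0) if m else "?",
                                 "path": "", "reason": "orphaned CLSID"})
                continue
            m = MISSING_RE.match(line)
            if m:
                reason = "image file missing"
                # Assumption of this example: a service whose image lived in a user's
                # Temp folder is worth a second look even after the file is gone.
                if "\\appdata\\local\\temp\\" in m["path"].lower():
                    reason += "; registered from user Temp"
                findings.append({"kind": kind, "id": m["name"],
                                 "path": m["path"], "reason": reason})
        return findings

    if __name__ == "__main__":
        for f in triage_otl(SAMPLE_OTL):
            print(f"{f['kind']:<4} {f['id']:<40} {f['reason']}")
    ```
    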
     
  6. FunkyTomo

    FunkyTomo Private E-2

    Done!!
     

    Attached Files:

  7. thisisu

    thisisu Malware Consultant

    Looks good. Does this problem still persist in Chrome?
     
  8. FunkyTomo

    FunkyTomo Private E-2

    It is all looking good and working back to normal!

    Excellent! The best computer/geek site on the net.

    A million thanks!! :cool:
     
  9. thisisu

    thisisu Malware Consultant

    You're welcome :)

    If you are not having any other malware related problems, it is time to do our final steps:
    • Any programs we had you download and/or install can be removed at this time.
    • If we had you download and run ComboFix, here is how to uninstall it:
      • Press and hold the Windows key and then press the letter R on your keyboard.
      • This opens the Run dialog box.
      • Copy and paste the below text inside the text-field:
        • "%userprofile%\desktop\ComboFix" /uninstall
      • Now press ENTER
      • ComboFix will extract its files one last time and you should receive a notification that ComboFix has been uninstalled shortly after.
    • You can re-enable your Disk Emulation software at this time via DeFogger.
    • If we had you create or download a registry patch or "fix" script, these can be deleted at this time.
    • Go into the C:\MGtools folder and run the MGclean.bat file to remove additional traces of our tools.
    • Now we will toggle System Restore to remove any infected system restore points.
    • Lastly, here is a guide to protect you from future infections: How to Protect yourself from malware!
    • Be safe :)
     
