
HJT and Malwarebytes Scans


john9611

I had caintry_boy helping me with a problem I've been having. I scanned with Malwarebytes and it found some problems. It did not fix the problem. He suggested I do a HJT and post both Malwarebytes and HJT here. So when you get the time please look over the scans. Thanks, John

 

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8367

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

12/16/2011 8:29:54 PM

mbam-log-2011-12-16 (20-29-54).txt

Scan type: Full scan (C:\|)

Objects scanned: 231878

Time elapsed: 51 minute(s), 29 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 13

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 6

Files Infected: 46

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

c:\program files\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\funwebproducts\Installr (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\funwebproducts\Installr\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\funwebproducts\Installr\1.bin\chrome (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\funwebproducts\Installr\2.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\funwebproducts\Installr\2.bin\chrome (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:

c:\system volume information\_restore{8f7a5040-9305-4bda-a5ee-e7ee68e6a93b}\RP782\A0137327.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.

c:\system volume information\_restore{8f7a5040-9305-4bda-a5ee-e7ee68e6a93b}\RP782\A0137328.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\system volume information\_restore{8f7a5040-9305-4bda-a5ee-e7ee68e6a93b}\RP782\A0137330.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.

c:\system volume information\_restore{8f7a5040-9305-4bda-a5ee-e7ee68e6a93b}\RP782\A0137331.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.

c:\system volume information\_restore{8f7a5040-9305-4bda-a5ee-e7ee68e6a93b}\RP782\A0137332.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.

c:\system volume information\_restore{8f7a5040-9305-4bda-a5ee-e7ee68e6a93b}\RP782\A0137359.scr (PUP.FunWebProducts) -> Quarantined and deleted successfully.

c:\system volume information\_restore{8f7a5040-9305-4bda-a5ee-e7ee68e6a93b}\RP782\A0137362.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.

c:\system volume information\_restore{8f7a5040-9305-4bda-a5ee-e7ee68e6a93b}\RP782\A0137380.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\system volume information\_restore{8f7a5040-9305-4bda-a5ee-e7ee68e6a93b}\RP782\A0137363.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.

c:\system volume information\_restore{8f7a5040-9305-4bda-a5ee-e7ee68e6a93b}\RP782\A0137364.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.

c:\system volume information\_restore{8f7a5040-9305-4bda-a5ee-e7ee68e6a93b}\RP782\A0137365.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\system volume information\_restore{8f7a5040-9305-4bda-a5ee-e7ee68e6a93b}\RP782\A0137366.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.

c:\system volume information\_restore{8f7a5040-9305-4bda-a5ee-e7ee68e6a93b}\RP782\A0137367.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.

c:\system volume information\_restore{8f7a5040-9305-4bda-a5ee-e7ee68e6a93b}\RP782\A0137368.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.

c:\system volume information\_restore{8f7a5040-9305-4bda-a5ee-e7ee68e6a93b}\RP782\A0137369.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.

c:\system volume information\_restore{8f7a5040-9305-4bda-a5ee-e7ee68e6a93b}\RP782\A0137370.SCR (PUP.FunWebProducts) -> Quarantined and deleted successfully.

c:\system volume information\_restore{8f7a5040-9305-4bda-a5ee-e7ee68e6a93b}\RP782\A0137371.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\system volume information\_restore{8f7a5040-9305-4bda-a5ee-e7ee68e6a93b}\RP782\A0137372.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.

c:\system volume information\_restore{8f7a5040-9305-4bda-a5ee-e7ee68e6a93b}\RP782\A0137373.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.

c:\system volume information\_restore{8f7a5040-9305-4bda-a5ee-e7ee68e6a93b}\RP782\A0137374.EXE (PUP.FunWebProducts) -> Quarantined and deleted successfully.

c:\system volume information\_restore{8f7a5040-9305-4bda-a5ee-e7ee68e6a93b}\RP782\A0137375.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.

c:\system volume information\_restore{8f7a5040-9305-4bda-a5ee-e7ee68e6a93b}\RP782\A0137376.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\system volume information\_restore{8f7a5040-9305-4bda-a5ee-e7ee68e6a93b}\RP782\A0137377.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\system volume information\_restore{8f7a5040-9305-4bda-a5ee-e7ee68e6a93b}\RP782\A0137378.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\system volume information\_restore{8f7a5040-9305-4bda-a5ee-e7ee68e6a93b}\RP782\A0137379.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\system volume information\_restore{8f7a5040-9305-4bda-a5ee-e7ee68e6a93b}\RP782\A0137381.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\system volume information\_restore{8f7a5040-9305-4bda-a5ee-e7ee68e6a93b}\RP782\A0137382.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\system volume information\_restore{8f7a5040-9305-4bda-a5ee-e7ee68e6a93b}\RP782\A0137383.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\system volume information\_restore{8f7a5040-9305-4bda-a5ee-e7ee68e6a93b}\RP782\A0137384.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\system volume information\_restore{8f7a5040-9305-4bda-a5ee-e7ee68e6a93b}\RP782\A0137385.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\system volume information\_restore{8f7a5040-9305-4bda-a5ee-e7ee68e6a93b}\RP782\A0137386.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\system volume information\_restore{8f7a5040-9305-4bda-a5ee-e7ee68e6a93b}\RP782\A0137387.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\system volume information\_restore{8f7a5040-9305-4bda-a5ee-e7ee68e6a93b}\RP782\A0137388.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\system volume information\_restore{8f7a5040-9305-4bda-a5ee-e7ee68e6a93b}\RP782\A0137390.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\system volume information\_restore{8f7a5040-9305-4bda-a5ee-e7ee68e6a93b}\RP782\A0137391.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\system volume information\_restore{8f7a5040-9305-4bda-a5ee-e7ee68e6a93b}\RP782\A0137392.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\system volume information\_restore{8f7a5040-9305-4bda-a5ee-e7ee68e6a93b}\RP782\A0137393.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\system volume information\_restore{8f7a5040-9305-4bda-a5ee-e7ee68e6a93b}\RP782\A0137394.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\system volume information\_restore{8f7a5040-9305-4bda-a5ee-e7ee68e6a93b}\RP782\A0137406.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\system volume information\_restore{8f7a5040-9305-4bda-a5ee-e7ee68e6a93b}\RP782\A0137407.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\system volume information\_restore{8f7a5040-9305-4bda-a5ee-e7ee68e6a93b}\RP782\A0137408.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\system volume information\_restore{8f7a5040-9305-4bda-a5ee-e7ee68e6a93b}\RP782\A0137409.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\system volume information\_restore{8f7a5040-9305-4bda-a5ee-e7ee68e6a93b}\RP782\A0137410.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\system volume information\_restore{8f7a5040-9305-4bda-a5ee-e7ee68e6a93b}\RP782\A0137411.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\system volume information\_restore{8f7a5040-9305-4bda-a5ee-e7ee68e6a93b}\RP782\A0137412.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\documents and settings\HP_Owner\my documents\my pictures\my pictures.url (Trojan.Zlob) -> Quarantined and deleted successfully.

 

 

NOW HJT....

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:30:10 PM, on 12/16/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sygate\SPF\smc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\PCPitstop\Info Center\InfoCenter.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\PDFLite Toolbar\ToolbarUpdaterService.exe

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe

C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Program Files\AVG\AVG10\avgnsx.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\PROGRA~1\AVG\AVG10\avgrsx.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll

O2 - BHO: PDFLite Toolbar Helper - {7413F9FC-8E54-4c93-BEB7-1225EB0970CA} - C:\Program Files\PDFLite Toolbar\Toolbar32.dll

O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: PDFLite Toolbar - {7C8ACEEB-B1D8-43cc-A387-DA838515368D} - C:\Program Files\PDFLite Toolbar\Toolbar32.dll

O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [info Center] C:\Program Files\PCPitstop\Info Center\InfoCenter.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} - http://launch.soe.com/plugin/web/SOEWebInstaller.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} - http://www.pcpitstop.com/internet/pcpConnCheck.cab

O16 - DPF: {5554DCB0-700B-498D-9B58-4E40E5814405} (RSClientPrint 2008 Class) - https://stngreports.crossmark.com/ReportServer/Reserved.ReportViewerWebControl.axd?ExecutionID=wofwli2syt4wcb55lnzs3x45&ControlID=3f4484dddb784e159d03536e30e2a6d1&Culture=1033&UICulture=9&ReportStack=1&OpType=PrintCab&Arch=X86

O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - http://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll

O16 - DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - https://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB

O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - http://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll

O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

O23 - Service: Updater Service for PDFLite Toolbar - Unknown owner - C:\Program Files\PDFLite Toolbar\ToolbarUpdaterService.exe

O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe

--

End of file - 9075 bytes


John, PDF Lite includes a Zugo toolbar, so it is almost certainly the source of the problem.

 

EDIT: By the way, the toolbar is not present in the latest version of PDF Lite, so if you like the program, you can uninstall and update.

 

ONE MORE ;) The Zugo searchbar installer is still present on PDFLite's website. Possibly the PDFLite program downloads and installs the program invisibly without consent.

Edited by TomGL2

Rescan with HJT and check these items:

 

R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)

O2 - BHO: PDFLite Toolbar Helper - {7413F9FC-8E54-4c93-BEB7-1225EB0970CA} - C:\Program Files\PDFLite Toolbar\Toolbar32.dll

O3 - Toolbar: PDFLite Toolbar - {7C8ACEEB-B1D8-43cc-A387-DA838515368D} - C:\Program Files\PDFLite Toolbar\Toolbar32.dll

 

Close all windows except HJT, then click 'fix checked'. Exit out of HJT, go to Add/remove programs and uninstall PDFLite Toolbar or Toolbar32.dll, whichever one is present.

 

Next, go to C:\Program Files\PDFLite Toolbar <--- delete this Folder

Reboot your computer normally.

 

Let me know if you're still having problems.

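The by-eye triage in the reply above, as an added example that is not part of the original thread and not HijackThis's own code: a small parser for HijackThis entry lines that flags entries marked `(no file)`, entries whose file sits under a folder slated for removal, and services listed with `Unknown owner`. The function names and `SUSPECT_DIR` are assumptions made for illustration; the sample lines are a subset copied from the log posted in this thread.

```python
import re

# Subset of the HijackThis log posted in this thread, embedded so the example runs offline.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O2 - BHO: PDFLite Toolbar Helper - {7413F9FC-8E54-4c93-BEB7-1225EB0970CA} - C:\Program Files\PDFLite Toolbar\Toolbar32.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: PDFLite Toolbar - {7C8ACEEB-B1D8-43cc-A387-DA838515368D} - C:\Program Files\PDFLite Toolbar\Toolbar32.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Updater Service for PDFLite Toolbar - Unknown owner - C:\Program Files\PDFLite Toolbar\ToolbarUpdaterService.exe
"""

# Folder the helper in this thread asks to have deleted (hypothetical constant name).
SUSPECT_DIR = r"C:\Program Files\PDFLite Toolbar"

# Entry lines start with a section code such as R3, O2 or O23, then " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_entries(log_text):
    """Return one dict per entry line; header and running-process lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        code, body = match.groups()
        clsid = CLSID_RE.search(body)
        # When the body has " - " separated fields, the last one is the file or target.
        target = body.rsplit(" - ", 1)[-1] if " - " in body else ""
        entries.append({"code": code, "body": body, "target": target,
                        "clsid": clsid.group(0) if clsid else None})
    return entries


def triage(entries, suspect_dir):
    """Return (code, clsid, reasons) for every entry that deserves a second look."""
    prefix = suspect_dir.lower().rstrip("\\") + "\\"
    findings = []
    for entry in entries:
        reasons = []
        if entry["target"] == "(no file)":
            reasons.append("registration left behind, file missing")
        if entry["target"].lower().startswith(prefix):
            reasons.append("file under suspect folder")
        if entry["code"] == "O23" and " - Unknown owner - " in entry["body"]:
            reasons.append("service listed with Unknown owner")
        if reasons:
            findings.append((entry["code"], entry["clsid"], reasons))
    return findings


if __name__ == "__main__":
    for code, clsid, reasons in triage(parse_entries(SAMPLE_LOG), SUSPECT_DIR):
        print(code, clsid or "-", "; ".join(reasons))
```

On the sample this flags the same R3, O2 and O3 lines listed in the reply, plus the PDFLite updater service that the toolbar leaves running.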

Thanks Jacee, Log this one in as solved. I uninstalled PDFLITE 0.5 and PDFLITE toolbar from add remove. You said that there is a zugo free ver. What do I look for???? I use this one because if I use Adobe Reader my doc. form work come out printed with all different letters, symbols and what not. Would you recommend a better program? Again thanks to everyone who chimed in on this problem. Thanks to TomGL2, Caintry_boy, and Jacee. Wishing you and yours the safest and joyous holiday season, John

Edited by john9611

I use Foxit reader ... http://download.cnet...4-10313206.html

 

*** NOTE First, watch out for the two check boxes that make Ask your browser default search provider and Ask.com your home page. Opt out as necessary. Then, toward the end of the installation process, be sure to read carefully and opt out of the Addin for Mozilla FireFox, Opera, Safari and Chrome--unless, of course, you're into bloated toolbars. Once you make it through the installation gauntlet, the rest should be smooth sailing.
