Please reopen HijackThis to
'do system scan only.' Check the following if present: Note: Optional removals are in green.
Read the Option descriptions before checking
O2 - BHO: (no name) - AutorunsDisabled - (no file)>>See Option 1
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)>> See Option 1
O9 - Extra button: (no name) - AutorunsDisabled - (no file)>> See Option 1
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\>> See Option 1
---------
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll>> See Option 2
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
Option 1: Have you intentionally disabled Autoruns or are you aware that they have been disabled? This can be a potential protocol hijacker. If yes, leave. If not, please check these for removal.
Option 2: Foistware> Askbar, PDF Toolbar
Foistware is not a virus or malware. It is installed with another unrelated program without your knowledge or permission. I recommend you remove it.
The Pdfforge Toolbar installed with PDFCreator - is it considered as PUP/WidgiToolbar (a potentially unwanted program) due to it's questionable privacy policy. But is came with a Trojan so it needs to be removed.
Close all Windows except HijackThis and click on
"Fix Checked."
If you checked the Askbar and Pdfforge Toolbar for removal:
Go to Add/Remove programs in the Control Panel and uninstall both.
Use Windows Explorer> Navigate to C:\Programs and do a right click> Delete on both of the program folders.
Using Windows Explorer: Windows key + E: Click on to My Computer> double click on the Local Drive (C)> Navigate to> C:\WINDOWS. Right-click on
MailSwitch.ocx and select Rename. Please
rename it to MailSwitch.vir.
If you do not see the file: Go to Tools> Folder Options> View tab> Check 'show hidden files & folders'> Uncheck 'hide protected operating system files-Recommended'> Apply> OK
Exit Windows Explorer and hide the files & Folders.
Please update and scan again with Malwarebytes.
Follow with
Kaspersky Online Scanner in Internet Explorer
- Click Accept and the web scanner will begin to load
- If a yellow warning bar appears at the top of the browser, click it and choose Install ActiveX Control
- You will be prompted to install an ActiveX component from Kaspersky, click Install
- If you are prompted about another ActiveX control called Kaspersky Online Scanner GUI part then allow it to be installed also.
- The program will launch and then begin downloading the latest definition files:
- Once the files have been downloaded click on NEXT and then Scan Settings
- In the scan settings make that the following are selected:
[o] Scan using the following Anti-Virus database> Extended (if available otherwise Standard)
[o] Scan Options: Scan Archives> Scan Mail Bases
- Click OK
- Now under select a target to scan:
[o] Select My Computer
- The program will start to scan your system.
- Once the scan is complete, click on the Save as Text button and save the file to your desktop
Please attach logs for both programs to your next reply.