Ad Toolbar APpears on Startup, Help Appreciated

Welcome to MG's!

Post the logs requested in the READ & RUN ME sticky. That is the Bitdefender, PandaActiveScan, and HijackThis log. All of them must be posted as attachments.

 

It is very unusual for Panda to find nothing.

The READ & RUN ME states:

You need to run BitDefender. You have a Wareout infection. After running Bitdefender attach the log per the directions and then continue with the below.


It looks like your Bsecure program installation is broken based on the below:
O10 - Broken Internet access because of LSP provider 'inetcntrl.dll' missing

Look in Add/Remove programs for UnSpyPC and uninstall if found.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe

• Save it to your desktop and then run it by double clicking on it. It creates a folder named c:\fixwareout.
• Click Next, then Install.
• Then make sure Run fixit is checked (this runs C:\fixwareout\fixit.bat). And then click Finish.
• The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so.
• Your system may take longer than usual to load; this is normal.
• When your system reboots, follow the prompts. Afterwards, HijackThis will launch. Please click Scan, and check the following items if they still exist:

O17 - HKLM\System\CCS\Services\Tcpip\..\{0CDE919A-42A0-4401-8149-0C334F43F028}: NameServer = 85.255.115.3,85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{463F5CC7-7438-4C50-B75D-40BEE36E1CA4}: NameServer = 85.255.115.3,85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F048DAE-E9B9-43A3-850C-29F084CEDFDC}: NameServer = 85.255.115.3,85.255.112.11
O17 - HKLM\System\CS1\Services\Tcpip\..\{0CDE919A-42A0-4401-8149-0C334F43F028}: NameServer = 85.255.115.3,85.255.112.11


After click Fix Checked, close HijackThis, and click OK to proceed.

At the end of the fix, you may need to restart your computer again.

Now please attach the contents of the logfile C:\fixwareout\report.txt
Also attach a new HijackThis log.

 

You need to complete the other steps I gave you for fixing Wareout. Then perhaps we will disable system restore to see if we can remove much of what BitDefender is complaining about.

 

You're welcome. Just a couple more things. Double check to make sure you BeSecure application is working okay. HJT is reporting that 'inetcntrl.dll' is missing. I'm not sure that this report is valid. Search your PC to see if the file is there. It could be anywhere or could be in c:\windows\system32

You have one more problem process that showed up:

O4 - HKLM\..\Run: [dmehl.exe] C:\WINDOWS\system32\dmehl.exe


Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
O4 - HKLM\..\Run: [dmehl.exe] C:\WINDOWS\system32\dmehl.exe

After clicking Fix, exit HJT.
Boot into safe mode and use Windows Explorer to delete:
C:\WINDOWS\system32\dmehl.exe


Now if running Win XP goto c:\windows\Prefetch and delete all files in this folder.

Now run Ccleaner (installed while running the READ ME FIRST).


Now reboot in normal mode and post a new HJT log. And tell us how things are working.