Adware Block Checker

Discussion in 'Malware Help (A Specialist Will Reply)' started by Carrott, Oct 5, 2005.

  1. Carrott

    Carrott Private E-2

    Hi - Can someone please help me. I have already followed ALL the instructions on your "Read this first" article. Results came back as follows:

    I ran in safe mode with networking support

    Bitdefender - came back clean
    RavAntivirus - came back clean
    CCleaner
    Ad-Aware SE with VX2 - came back clean
    Spybot - came back clean
    CW Shredder - came back clean
    Kill2me - came back clean

    Normal Mode:

    TrojanScan - came back saying the following:
    c:\drivers\video\onboard\igfxtray.exe
    c:\i386\igftray.exe
    c:\windows\system32\reinstallbackups\0007\driver files\igfxtray.exe
    Diagnosis: Trojan-Dropper.win32.paradrop.a

    Panda ActiveScan:
    Adware/Block-checker Windows Registry

    Your help would be greatly appreciated. Thank you :)
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  3. Carrott

    Carrott Private E-2

    Here's the HJT Log - thanks for your help.
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fixBC.reg and then click Save. (Make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fixBC.reg file on your desktop (or locate it with Windows Explorer and double-click on it if not saved to the Desktop) and when it prompts to add it to the registry, say yes.

    Now let's continue with the cleanup.

    If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
    For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete the below if found (you may or may not find them):
    c:\windows\system32\ccapp.exe
    c:\windows\system32\navshext.dll
    c:\windows\system32\navshext1.dll
    c:\windows\system32\ustart.exe
    c:\windows\system32\~ustart.exe
    c:\windows\system32\block checker.exe
    c:\windows\system32\system.exe
    c:\windows\system32\setup_finish.exe
    c:\windows\system32\processkill.exe

    If you get an error when deleting a file, right-click on the file and check to see if the read-only attribute is checked. If it is, uncheck it and try again. Otherwise open Task Manager and kill the process if it is running, then delete the file.

    Now run CCleaner (installed while running the READ ME FIRST). Now if running Win XP go to c:\windows\Prefetch and delete all files in this folder.

    Now we need to Reset Web Settings:
    1) If you have an Internet Explorer icon on your Desktop, go to step 2. If not, skip to step 3.
    2) Now right-click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, click Delete Files and select Delete all offline content too, click OK. When it finishes click OK. Then skip step 3.
    3) If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, click Delete Files and select Delete all offline content too, click OK. When it finishes click OK.

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
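The lines the helper picked out above are in HijackThis's line format (R0/R1 Internet Explorer settings, O9 extra buttons and menu items, O16 DPF ActiveX entries). The following is an added example, not code from this thread or from HijackThis: a small parser for that line layout, fed with the six lines quoted in the post, plus a triage function that flags the same three kinds of entries the helper selected (IE URLs on a host the user did not choose, O9 entries whose file is missing, and O16 entries with no codebase URL). The `HjtEntry` fields, the `triage` rules and the `trusted_hosts` parameter are assumptions of this example, not HijackThis behaviour.

```python
"""Parse HijackThis (HJT) log lines and flag the kinds of entries a helper reviews.

Added example for this thread; it is not HijackThis code. It assumes the line
layout shown in the thread ("Rn - <key> = <value>", "O9 - ... {CLSID} - <path>",
"O16 - DPF: {CLSID} - <codebase>"). The triage rules are illustrative heuristics.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# Constructed sample input: the six HJT lines quoted in the thread.
SAMPLE_LINES = [
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway",
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway",
    r"R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway",
    r"O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)",
    r"O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)",
    r"O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -",
]

LINE_RE = re.compile(r"^(?P<section>[RFO]\d{1,2})\s+-\s+(?P<body>.*)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


@dataclass
class HjtEntry:
    section: str                          # "R0", "R1", "O9", "O16", ...
    raw: str
    registry_value: Optional[str] = None  # R0/R1: "HKCU\...\Main,Start Page"
    url: Optional[str] = None             # R0/R1 value, or O16 codebase URL
    clsid: Optional[str] = None           # O9/O16 GUID, lower-cased for comparison
    path: Optional[str] = None            # O9 target file
    file_missing: bool = False            # HJT's "(file missing)" marker


def parse_line(line: str) -> Optional[HjtEntry]:
    """Parse one HJT log line; returns None for lines that are not entries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    entry = HjtEntry(section=section, raw=line.strip())
    if section in ("R0", "R1"):
        key, _, value = body.partition(" = ")
        entry.registry_value = key.strip()
        entry.url = value.strip() or None
    elif section in ("O9", "O16"):
        g = GUID_RE.search(body)
        if g:
            entry.clsid = g.group(0).lower()
            tail = body[g.end():].strip(" -")
            if section == "O9":
                entry.file_missing = tail.endswith("(file missing)")
                entry.path = tail.replace("(file missing)", "").strip() or None
            else:
                entry.url = tail or None  # empty when no codebase is listed, as in the thread
    return entry


def parse_log(lines) -> List[HjtEntry]:
    """Parse an iterable of log lines, skipping anything that is not an entry."""
    return [e for e in (parse_line(ln) for ln in lines) if e is not None]


def triage(entries: List[HjtEntry], trusted_hosts=frozenset()) -> List[Tuple[HjtEntry, str]]:
    """Return (entry, reason) pairs worth a second look. Heuristics, not HJT's own logic:
    - IE start/default/ShellNext URLs on a host not in trusted_hosts (the user's own choice)
    - O9 extra buttons/menu items whose target file is missing (orphaned entries)
    - O16 DPF (ActiveX) entries with no codebase URL
    """
    findings = []
    for e in entries:
        if e.section in ("R0", "R1") and e.url:
            host = urlsplit(e.url).hostname
            if host and host not in trusted_hosts:
                findings.append((e, f"IE setting {e.registry_value} points at {host}"))
        elif e.section == "O9" and e.file_missing:
            findings.append((e, f"orphaned extra button/menu item {e.clsid} -> {e.path}"))
        elif e.section == "O16" and not e.url:
            findings.append((e, f"DPF entry {e.clsid} has no codebase URL"))
    return findings


if __name__ == "__main__":
    for entry, reason in triage(parse_log(SAMPLE_LINES)):
        print(f"{entry.section}: {reason}")
```

Run against the six sample lines, `triage` flags all of them; passing `trusted_hosts=frozenset({"www.dell4me.com"})` would drop the three R0/R1 lines, which is the difference between a home page the user set and one something else set for them. Real logs contain many other sections (O2, O4, O23 and so on) that this parser only records by section code.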
     
  5. Carrott

    Carrott Private E-2

    Hi Chaslang - Well, I've done everything you asked and I went ahead and reran all my scans. The Adware Block Checker is now gone in Panda ActiveScan, but now "Adware/exact bargainbuddy" is showing up. All the other scans came up clean.

    HJT log attached. Thanks very much.
     

    Attached Files:

  6. Carrott

    Carrott Private E-2

    TrojanScan - came back saying the following:

    c:\drivers\video\onboard\igfxtray.exe
    c:\i386\igftray.exe
    c:\windows\system32\reinstallbackups\0007\driver files\igfxtray.exe
    Diagnosis: Trojan-Dropper.win32.paradrop.a
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I would bet this is a false positive. This file is for your onboard video card. See: http://www.liutilities.com/products/wintaskspro/processlibrary/igfxtray/
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Show me the log file that reports this.
     
  9. Carrott

    Carrott Private E-2

    Here's the log. Thanks.
     

    Attached Files:

  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Well that is not a very useful report! It does not even show where and what they are finding.

    Try this: Running Ewido Security Suite

    Make sure you post the log! And also see if Panda still has the same results or not.
     
  11. Carrott

    Carrott Private E-2

    Ok - I've run Ewido (report attached) and then Panda (I attached a copy of their description of Bargain Buddy). I also ran a new HJT just in case you need it. Thanks.
     

    Attached Files:

    Last edited: Oct 8, 2005
  12. Carrott

    Carrott Private E-2

    Attached Files:

  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I just noticed you have us working on three threads at the same time! Please do not do this in the future. Stay in one thread until your current problems are resolved unless the person helping you suggests you start a different thread.

    Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fixBB.reg and then click Save. (Make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fixBB.reg file on your desktop (or locate it with Windows Explorer and double-click on it if not saved to the Desktop) and when it prompts to add it to the registry, say yes.
    Now see if Panda scan is clean.
     
  14. Carrott

    Carrott Private E-2

    They are not on the same computer. All three are on different computers. That's ok to do isn't it? Let me know.
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes! But they all looked similar. All running Bullguard. You should have mentioned that you were trying to fix three PCs.

    Did the registry patch help?
     
  16. Carrott

    Carrott Private E-2

    Sorry for the confusion I caused - I didn't mean to. Bargain Buddy is still showing up on Panda. Thanks and God Bless You.
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Then I would expect that whatever it is finding is probably pretty benign and more than likely should be ignored. Since they do not report exactly what or where the problem is, the scan is not very helpful.

    You could give the below a try if desired and post their logs:

    Spy Sweeper

    Also try the below:

    Download this virus checker and tool from Microworld Antivirus Toolkit Utility
    1. Save it to a folder.
    2. Reboot into safe mode
    3. Double-click the Mwav.exe file. (This is a stand-alone tool and NOT just a virus checker, so it won't install anything.)
    4. Select all local drives, scan all files, press SCAN and when it is completed, anything found will be displayed in the lower pane.
    5. In the Virus Log Information pane:
    Left-click and highlight all the info in the lower pane. Use "CTRL C" on your keyboard to copy all found in the lower pane and save it to a Notepad file.

    *Note* If prompted that a Virus was found and you need to purchase the product to remove the malware, just close out the prompt and let it continue scanning.

    We just want to use it to try to identify anything that is bad.

    Once you copy that to a notepad file, highlight the text and copy as an attachment.
     
