*C:\WINDOWS\system32\msblank.html* need help fixing

My internet explorer homepage is set to this link "C:\WINDOWS\system32\msblank.html"

I can't reset my homepage to where it was.

Also, I have this toolbar that just popped up and I can't remove it. I ran spybot s&d and removed all the existing spyware, but that toolbar is still there and my homepage is still at that location.

Could someone please help me fix this problem?

Thank you.

 

Thank you for responding. I've ran all the spyware detections and it is still on my toolbar, and I still get the same homepage. I have attached my HJT log file.

Thank you again for your help.

 

I think that took care of it. The toolbar is gone and my homepage is reset back to the default. If there's anything else I need to get rid of or clean, please let me know.

Thank you so much for your help.

 

I think I still have a problem. My AV keeps detecting a virus named "hclean32.exe." Is there something I need to do to remove it permanently?

 

Yes I did disable system restore. It's detecting it in C:\Windows\System32. I did uninstall Wareout. Or at least I thought I did. I don't see it in the add/remove programs.

 

Ok. Here you go.

 

I didn't mention this earlier, but I also deleted these three files: winctrl16.exe, winctrl32.exe, and winctrl64.exe.

Do i need these files?

 

I just ran Spybot and it found "Smitfraud", but it can't fix it. I tried to restart and then run spybot like it asked, but it was still unable to fix the problems.

 

D3? R u still there?

 

Thanks for responding. I still do appreciate your help. I

I have installed and ran the program you suggested. It cleaned 79 problems. I haven't encountered any problems in about 10 minutes, but I'll be certain to tell you if something comes up.

Here's the report.

Thank you again.

 

My AV just spotted again the hclean.exe at 8:12 CDT. The ewid also came up and I cleaned the infected files.
I was getting some pop-ups that stated something about my spyware detection was bad, and if I wanted to learn how to get rid of it. One came on my desktop/screen, and one was in my taskbar (bottom right). I haven't seen those yet since the ewid scan, but I'll keep you updated.

Thanks

 

This isn't the popups, but my AV now detected a Trojan Horse "A0088507.exe" in the "C:\System Volume Information\restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP339\"

Ewid did not see it, I guess, because I didn't get the option to remove it with ewid.

 

I can't find the system restore tab. I right clicked on My Computer,but there is no system restore tab.

 

It says computer administrator next to my name.

 

Okay, I've tried booting in safe mode, and it still does not appear. Is there another way to get there?

 

I tried to copy and paste, but I got an error when I tried to double click and merge it. It said the specified file is not a registry script.

 

Ok that worked. Now what should I do?

 

Here's the new HJT log. It hasn't been going to the about:blank. The problem has been my AV has been finding a Trojan virus "hclean.exe" in my system restore everytime I open mozilla browser, and I can't disable system restore, even though I have admin rights.

I entered the reg file, but I still don't see the option to disable system restore.

Thanks for the help.

 

DOH!
Thanks,

 

d3? Should I post another hjt log?

 

No. I don't see a system restore tab at all.

 

I went to HKEY_LOCAL_MACHINE/SOFTWARE/POLICIES/MICROSOFT/WINDOWSNT... but there's no systemrestore. And that's the only place that has the SOFTWARE/...WINDOWSNT.

 

Any other suggestions?