pinchy Posted June 26, 2012 Posted June 26, 2012 Hi Il try in this group 1st i cant change my home page ,iv tried the basic things such as tools i use firefox all the time iv down loaded malwarebytes and done a scan and remove 41 problems iv tried going in to internet options thro control panel but keep getting the msg windows cannot find c:\windows\system32\rundll32.exe.make sure you have typed the name correctly hope iv give enough info thanks Rob Quote
KenB Posted June 26, 2012 Posted June 26, 2012 Hi Rob iv down loaded malwarebytes and done a scan and remove 41 problems MBAM produces a log after the scan and saves it. Open MBAM > Open Logs Double click on the log that produced the 41 problems ...........it will open in Notepad. Copy the log and post it here please. Quote There is an email going around offering processed pork - gelatin - and salt in a can ......this is simply SPAM !! MiniToolBoxNetwork TestWireless Test
pinchy Posted June 26, 2012 Author Posted June 26, 2012 Malwarebytes Anti-Malware (Trial) 1.61.0.1400 http://www.malwarebytes.org Database version: v2012.06.26.02 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Rob :: ROB-PC [administrator] Protection: Enabled 26/06/2012 11:21:01 mbam-log-2012-06-26 (11-21-01).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 336126 Time elapsed: 1 hour(s), 33 minute(s), 49 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 15 HKCR\CLSID\{4D1EC4CA-4B92-4324-B8F8-C9A6ED06A8AE} (Adware.Hotbar) -> Quarantined and deleted successfully. HKCR\TypeLib\{6F098504-CDB1-420F-A2E6-DDC0B835FEDF} (Adware.Hotbar) -> Quarantined and deleted successfully. HKCR\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D} (Adware.Hotbar) -> Quarantined and deleted successfully. HKCR\HBLiteAX.Info.1 (Adware.Hotbar) -> Quarantined and deleted successfully. HKCR\HBLiteAX.Info (Adware.Hotbar) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4D1EC4CA-4B92-4324-B8F8-C9A6ED06A8AE} (Adware.Hotbar) -> Quarantined and deleted successfully. HKCR\CLSID\{4E674574-3F0B-491d-8AE3-F90B43A34FD6} (Adware.Hotbar) -> Quarantined and deleted successfully. HKCR\HBLiteAX.UserProfiles.1 (Adware.Hotbar) -> Quarantined and deleted successfully. HKCR\HBLiteAX.UserProfiles (Adware.Hotbar) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4E674574-3F0B-491D-8AE3-F90B43A34FD6} (Adware.Hotbar) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{89F88394-3828-4d03-A0CF-8203604C3DA6} (Adware.Hotbar) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4233F04-1789-483c-A137-731E8F113DD5} (Adware.Hotbar) -> Quarantined and deleted successfully. HKCU\Software\hblitesa (Adware.HotBar) -> Quarantined and deleted successfully. HKLM\SOFTWARE\HBLite (Adware.HotBar) -> Quarantined and deleted successfully. HKLM\SYSTEM\CurrentControlSet\Services\QuestDns Service (Adware.QuestDns) -> Quarantined and deleted successfully. Registry Values Detected: 3 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|ShopperReports 3.0.489.0 (Adware.HotBar) -> Data: -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|SRS_IT_E8790577B576585130AB94 (Malware.Trace) -> Data: -> Quarantined and deleted successfully. HKLM\SOFTWARE\Mozilla\Firefox\extensions|HBLite@HBLite.com (Adware.HotBar) -> Data: C:\Program Files\HBLite\bin\11.0.258.0\firefox\extensions -> Quarantined and deleted successfully. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 9 C:\Users\Rob\AppData\Roaming\HBLite (Adware.Hotbar) -> Quarantined and deleted successfully. C:\ProgramData\HBLiteSA (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Program Files\HBLite (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Program Files\HBLite\bin (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Program Files\HBLite\bin\11.0.258.0 (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Program Files\HBLite\bin\11.0.258.0\firefox (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Program Files\HBLite\bin\11.0.258.0\firefox\extensions (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Program Files\HBLite\bin\11.0.258.0\firefox\extensions\plugins (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Program Files\QuestDns (Adware.QuestDns) -> Quarantined and deleted successfully. Files Detected: 14 C:\Program Files\HBLite\bin\11.0.258.0\HBLiteSAAX.dll (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Program Files\Mozilla Firefox\plugins\npclntax_HBLiteSA.dll (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Program Files\HBLite\bin\11.0.258.0\HBLiteSAHook.dll (Adware.HotBar.Gen) -> Quarantined and deleted successfully. C:\Program Files\HBLite\bin\11.0.258.0\firefox\extensions\plugins\npclntax_HBLiteSA.dll (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Program Files\QuestDns\questdns.dll (Adware.Agent.Gen) -> Quarantined and deleted successfully. C:\Users\Rob\Desktop\Crack\Patch.exe (Riskware.Tool.CK) -> Quarantined and deleted successfully. D:\RUGBY\Setup.exe (Adware.Hotbar) -> Quarantined and deleted successfully. C:\ProgramData\HBLiteSA\HBLiteSA.dat (Adware.Hotbar) -> Quarantined and deleted successfully. C:\ProgramData\HBLiteSA\HBLiteSAAbout.mht (Adware.Hotbar) -> Quarantined and deleted successfully. C:\ProgramData\HBLiteSA\HBLiteSAau.dat (Adware.Hotbar) -> Quarantined and deleted successfully. C:\ProgramData\HBLiteSA\HBLiteSAEULA.mht (Adware.Hotbar) -> Quarantined and deleted successfully. C:\ProgramData\HBLiteSA\HBLiteSA_kyf.dat (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Program Files\HBLite\bin\11.0.258.0\firefox\extensions\chrome.manifest (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Program Files\HBLite\bin\11.0.258.0\firefox\extensions\install.rdf (Adware.Hotbar) -> Quarantined and deleted successfully. (end) Quote
KenB Posted June 26, 2012 Posted June 26, 2012 Hi Thanks for the MBAM log. One of our security experts will need to advise further. They will, however, need a couple more logs from OTL. If the logs are too long then split them over 2 or 3 posts. Please follow these instructions carefully :) Download OTL to your desktop. right click on the link and select 'Save Link/Target As'. if you have problems, try this download link: OTL Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. When the window appears, underneath Output at the top change it to Minimal Output. Check the boxes beside LOP Check and Purity Check http://img.photobucket.com/albums/v708/starbuck50/new/Otllatest.png . Now copy the lines in bold below. netsvcs msconfig %SYSTEMDRIVE%\*.* %systemroot%\system32\Spool\prtprocs\w32x86\*.dll %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles %systemroot%\Tasks\*.job /lockedfiles %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\system32\*.exe /lockedfiles %systemroot%\System32\config\*.sav %PROGRAMFILES%\* %USERPROFILE%\..|smtmp;true;true;true /FP HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU hklm\software\clients\startmenuinternet|command /rs hklm\software\clients\startmenuinternet|command /64 /rs CREATERESTOREPOINT right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste. http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png . Click the Run Scan button. http://img.photobucket.com/albums/v708/starbuck50/runscan.png Do not change any settings unless otherwise told to do so. The scan wont take long. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. Note: Running the above script with OTL will : turn on your system restore and set a new restore point (XP only) set a new restore point (if system restore is turned on) Vista & Win7. In your next reply, please submit: - Both reports from OTL Whilst we are helping you, please don't run other programs/scans without our knowledge .... it only confuses things. Thanks. Quote There is an email going around offering processed pork - gelatin - and salt in a can ......this is simply SPAM !! MiniToolBoxNetwork TestWireless Test
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.