1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Please help

Discussion in 'Virus & Other Malware Removal' started by unifil, Sep 10, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. unifil

    unifil Thread Starter

    Joined:
    Sep 9, 2004
    Messages:
    11
    Hi I'm new here. I found an old thread with the exact same problem, namely the dreaded rb32.exe and more popups than you could shake a stick at. Here is the info from "hijack this". Any help with be greatly appreciated. A big thanks to the_donner for steering me in the right direction.

    Logfile of HijackThis v1.98.2
    Scan saved at 1:49:35 PM, on 9/9/04
    Platform: Windows NT 4 SP6 (WinNT 4.00.1381)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\spoolss.exe
    C:\WINNT\System32\drivers\CDAC11BA.EXE
    C:\WINNT\system32\CPQAlert.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\WINNT\system32\RpcSs.exe
    c:\winnt\system32\pstores.exe
    C:\WINNT\system32\MSTask.exe
    C:\DMINT40\WIN32\bin\Win32SL.exe
    C:\WINNT\system32\CPQDMI.exe
    C:\WINNT\System32\nddeagnt.exe
    C:\WINNT\Explorer.exe
    C:\WINNT\System32\SysTray.Exe
    C:\WINNT\System32\PROMon.exe
    C:\WINNT\System32\CHKADMIN.EXE
    C:\Program Files\Intuit\QAgent\QAGENT.EXE
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\WINNT\System32\qttask.exe
    C:\WINNT\System32\loadwc.exe
    C:\TEMP\1122.exe
    C:\Program Files\Common files\updmgr\updmgr.exe
    C:\Program Files\EE\ee.exe
    C:\Program Files\Iomega\Tools_NT\IMGICON.EXE
    D:\QUICKEN\QWDLLS.EXE
    E:\ecolor\Colorific\hgcctl95.exe
    E:\ecolor\True Internet Color\TICIcon.exe
    C:\WINNT\SYSTEM32\cdplayer.exe
    C:\Program Files\Microsoft Office\Office\findfast.exe
    C:\WINNT\System32\ddhelp.exe
    C:\PROGRA~1\Plus!\MICROS~1\iexplore.exe
    d:\WinZip\winzip32.exe
    C:\TEMP\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\TEMP\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\TEMP\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\TEMP\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\TEMP\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\TEMP\sp.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\TEMP\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.searchenhancement.com/nph-enhanced.cgi?affid=sesm&sstring=
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.searchenhancement.com/nph-enhanced.cgi?affid=sesm&sstring=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.2:80
    R3 - URLSearchHook: (no name) - {434F09D5-E688-C1E0-1937-9E7DF66BF3D8} - C:\WINNT\Ohsvvtse.dll
    F2 - REG:system.ini: UserInit=userinit,nddeagnt.exe
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O2 - BHO: (no name) - SOFTWARE - (no file)
    O2 - BHO: CSIECore Class - {00000000-0000-0000-0000-000000000221} - C:\Progra~1\ClearSearch\CSIE.DLL
    O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINNT\bxxs5.dll
    O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
    O2 - BHO: (no name) - {4F879DE4-F1BD-1333-FD4B-2752526BE6D1} - C:\WINNT\Ohsvvtse.dll
    O2 - BHO: (no name) - {5A40F2C1-EBF7-11D8-9E29-00901AFD8CB8} - C:\WINNT\System32\msdoh.dll
    O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINNT\wsem300.dll
    O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINNT\System32\nvms.dll
    O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINNT\System32\mscb.dll
    O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\WINNT\System32\apuc.dll
    O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINNT\System32\msbe.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: Search - {0A8A7232-20FB-617D-B1C5-C0E83E6F6D13} - C:\WINNT\Ohsvvtse.dll
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
    O4 - HKLM\..\Run: [ChkAdmin] CHKADMIN.EXE
    O4 - HKLM\..\Run: [QAGENT] C:\Program Files\Intuit\QAgent\QAGENT.EXE
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [hpsjbmgr] C:\Program Files\Hewlett-Packard\Precisionscan Pro 3.1\hpsjbmgr.exe
    O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /logon
    O4 - HKLM\..\Run: [mdac_runonce] C:\WINNT\System32\runonce.exe
    O4 - HKLM\..\Run: [QuickTime Task] C:\WINNT\System32\qttask.exe
    O4 - HKLM\..\Run: [Sentry] C:\WINNT\Sentry.exe
    O4 - HKLM\..\Run: [IST Service] C:\WINNT\istsvc.exe
    O4 - HKLM\..\Run: [rb32 lptt01] "c:\program files\rb32\rb32.exe"
    O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
    O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINNT\bxxs5.dll,DllRun
    O4 - HKLM\..\Run: [ClrSchLoader] \Progra~1\ClearSearch\Loader.exe
    O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
    O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
    O4 - HKLM\..\Run: [ee.exe] C:\Program Files\EE\ee.exe
    O4 - HKLM\..\Run: [hkl] C:\WINNT\hkl.exe
    O4 - Startup: PowerReg SchedulerV2.exe
    O4 - Global Startup: Iomega Startup Options.lnk = D:\Iomega\Tools_NT\STARTNT.EXE
    O4 - Global Startup: Iomega Icons.lnk = C:\Program Files\Iomega\Tools_NT\IMGICON.EXE
    O4 - Global Startup: Refresh.lnk = D:\Iomega\Tools_NT\REFRESH.EXE
    O4 - Global Startup: Quicken Startup.lnk = D:\QUICKEN\QWDLLS.EXE
    O4 - Global Startup: Billminder.lnk = E:\QUICKEN\BILLMIND.EXE
    O4 - Global Startup: SonnReg.lnk = E:\ecolor\Registration\SonnReg.exe
    O4 - Global Startup: Colorific.lnk = E:\ecolor\Colorific\hgcctl95.exe
    O4 - Global Startup: True Internet Color Icon.lnk = E:\ecolor\True Internet Color\TICIcon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Sidesearch - {000007C6-17DF-4438-92A4-DE5537471BA3} - (no file)
    O13 - WWW. Prefix: http://
    O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
    O18 - Filter: text/html - {5A40F2C0-EBF7-11D8-9E29-009075B12923} - C:\WINNT\System32\msdoh.dll
    O18 - Filter: text/plain - {5A40F2C0-EBF7-11D8-9E29-009075B12923} - C:\WINNT\System32\msdoh.dll
     
  2. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Hi unifil

    Welcome to TSG! :)

    First click on the link below to download RBKiller.

    Close all browser windows and click on the rbkiller.exe and let it do it's thing. It can scan all running programs, detect RapidBlaster, and successfully terminate the process and remove the Run key registry entry. The newest version can also clean up various RapidBlaster remnants.


    http://www.wilderssecurity.net/downloads/rbkiller.exe

    Restart your computer.


    Go here and download Adaware SE.

    Install the program and launch it.

    First in the main window look in the bottom right corner and click on Check for updates now then click Connect and download the latest reference files.

    From main window :Click Start then under Select a scan Mode tick Perform full system scan.

    Next deselect Search for negligible risk entries.

    Now to scan just click the Next button.

    When the scan is finished mark everything for removal and get rid of it.(Right-click the window and choose select all from the drop down menu and click Next)

    Restart your computer.

    Come back here and post another Hijack This log and we'll get rid of what's left.
     
  3. unifil

    unifil Thread Starter

    Joined:
    Sep 9, 2004
    Messages:
    11
    Thanks firman1 you're awesome! I did everything you said and here is the new hijack log.

    Logfile of HijackThis v1.98.2
    Scan saved at 11:36:54 AM, on 9/10/04
    Platform: Windows NT 4 SP6 (WinNT 4.00.1381)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\spoolss.exe
    C:\WINNT\System32\drivers\CDAC11BA.EXE
    C:\WINNT\system32\CPQAlert.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\WINNT\system32\RpcSs.exe
    C:\WINNT\System32\nddeagnt.exe
    c:\winnt\system32\pstores.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\Explorer.exe
    C:\DMINT40\WIN32\bin\Win32SL.exe
    C:\WINNT\system32\CPQDMI.exe
    C:\WINNT\System32\SysTray.Exe
    C:\WINNT\System32\PROMon.exe
    C:\WINNT\System32\CHKADMIN.EXE
    C:\Program Files\Intuit\QAgent\QAGENT.EXE
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\WINNT\System32\qttask.exe
    C:\TEMP\1124.exe
    C:\WINNT\System32\loadwc.exe
    C:\Program Files\EE\ee.exe
    C:\Program Files\Iomega\Tools_NT\IMGICON.EXE
    D:\QUICKEN\QWDLLS.EXE
    E:\ecolor\Colorific\hgcctl95.exe
    E:\ecolor\True Internet Color\TICIcon.exe
    C:\Program Files\Microsoft Office\Office\findfast.exe
    C:\WINNT\System32\ddhelp.exe
    d:\WinZip\winzip32.exe
    C:\TEMP\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\TEMP\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\TEMP\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\TEMP\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\TEMP\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\TEMP\sp.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\TEMP\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.2:80
    R3 - URLSearchHook: (no name) - {434F09D5-E688-C1E0-1937-9E7DF66BF3D8} - C:\WINNT\Ohsvvtse.dll
    F2 - REG:system.ini: UserInit=userinit,nddeagnt.exe
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O2 - BHO: (no name) - SOFTWARE - (no file)
    O2 - BHO: (no name) - {4F879DE4-F1BD-1333-FD4B-2752526BE6D1} - C:\WINNT\Ohsvvtse.dll
    O2 - BHO: (no name) - {5A40F2C1-EBF7-11D8-9E29-00901AFD8CB8} - C:\WINNT\System32\msdoh.dll
    O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINNT\System32\nvms.dll
    O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINNT\System32\mscb.dll
    O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINNT\System32\msbe.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: Search - {0A8A7232-20FB-617D-B1C5-C0E83E6F6D13} - C:\WINNT\Ohsvvtse.dll
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
    O4 - HKLM\..\Run: [ChkAdmin] CHKADMIN.EXE
    O4 - HKLM\..\Run: [QAGENT] C:\Program Files\Intuit\QAgent\QAGENT.EXE
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [hpsjbmgr] C:\Program Files\Hewlett-Packard\Precisionscan Pro 3.1\hpsjbmgr.exe
    O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /logon
    O4 - HKLM\..\Run: [mdac_runonce] C:\WINNT\System32\runonce.exe
    O4 - HKLM\..\Run: [QuickTime Task] C:\WINNT\System32\qttask.exe
    O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
    O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
    O4 - HKLM\..\Run: [ee.exe] C:\Program Files\EE\ee.exe
    O4 - Startup: PowerReg SchedulerV2.exe
    O4 - Global Startup: Iomega Startup Options.lnk = D:\Iomega\Tools_NT\STARTNT.EXE
    O4 - Global Startup: Iomega Icons.lnk = C:\Program Files\Iomega\Tools_NT\IMGICON.EXE
    O4 - Global Startup: Refresh.lnk = D:\Iomega\Tools_NT\REFRESH.EXE
    O4 - Global Startup: Quicken Startup.lnk = D:\QUICKEN\QWDLLS.EXE
    O4 - Global Startup: Billminder.lnk = E:\QUICKEN\BILLMIND.EXE
    O4 - Global Startup: SonnReg.lnk = E:\ecolor\Registration\SonnReg.exe
    O4 - Global Startup: Colorific.lnk = E:\ecolor\Colorific\hgcctl95.exe
    O4 - Global Startup: True Internet Color Icon.lnk = E:\ecolor\True Internet Color\TICIcon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O13 - WWW. Prefix: http://
    O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
    O18 - Filter: text/html - {96666A02-0356-11D9-9E41-00907F22E23B} - C:\WINNT\System32\msdoh.dll
    O18 - Filter: text/plain - {96666A02-0356-11D9-9E41-00907F22E23B} - C:\WINNT\System32\msdoh.dll
     
  4. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Click here to download CWShredder. Close all browser windows, click on the cwshredder.exe then click "Fix" (Not "Scan only") and let it do it's thing.

    When it is finished restart your computer.

    Come back here and post another Hijack This log and we'll get rid of what's left.
     
  5. unifil

    unifil Thread Starter

    Joined:
    Sep 9, 2004
    Messages:
    11
    I really appreciate your help firman1. I'll definitely be clicking the donation link. Here is the hijack log after I completed your latest instructions. Thanks again.

    Logfile of HijackThis v1.98.2
    Scan saved at 12:42:45 PM, on 9/10/04
    Platform: Windows NT 4 SP6 (WinNT 4.00.1381)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\spoolss.exe
    C:\WINNT\System32\drivers\CDAC11BA.EXE
    C:\WINNT\system32\CPQAlert.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\WINNT\system32\RpcSs.exe
    c:\winnt\system32\pstores.exe
    C:\WINNT\system32\MSTask.exe
    C:\DMINT40\WIN32\bin\Win32SL.exe
    C:\WINNT\system32\CPQDMI.exe
    C:\WINNT\System32\nddeagnt.exe
    C:\WINNT\Explorer.exe
    C:\WINNT\System32\SysTray.Exe
    C:\WINNT\System32\PROMon.exe
    C:\WINNT\System32\CHKADMIN.EXE
    C:\Program Files\Intuit\QAgent\QAGENT.EXE
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\WINNT\System32\qttask.exe
    C:\WINNT\System32\loadwc.exe
    C:\TEMP\1125.exe
    C:\Program Files\EE\ee.exe
    C:\Program Files\Iomega\Tools_NT\IMGICON.EXE
    D:\QUICKEN\QWDLLS.EXE
    E:\ecolor\Colorific\hgcctl95.exe
    E:\ecolor\True Internet Color\TICIcon.exe
    C:\Program Files\Microsoft Office\Office\findfast.exe
    d:\WinZip\winzip32.exe
    C:\TEMP\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.latimes.com/sports/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.2:80
    R3 - URLSearchHook: (no name) - {434F09D5-E688-C1E0-1937-9E7DF66BF3D8} - C:\WINNT\Ohsvvtse.dll
    F2 - REG:system.ini: UserInit=userinit,nddeagnt.exe
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O2 - BHO: (no name) - SOFTWARE - (no file)
    O2 - BHO: (no name) - {4F879DE4-F1BD-1333-FD4B-2752526BE6D1} - C:\WINNT\Ohsvvtse.dll
    O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINNT\System32\nvms.dll
    O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINNT\System32\mscb.dll
    O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINNT\System32\msbe.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: Search - {0A8A7232-20FB-617D-B1C5-C0E83E6F6D13} - C:\WINNT\Ohsvvtse.dll
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
    O4 - HKLM\..\Run: [ChkAdmin] CHKADMIN.EXE
    O4 - HKLM\..\Run: [QAGENT] C:\Program Files\Intuit\QAgent\QAGENT.EXE
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [hpsjbmgr] C:\Program Files\Hewlett-Packard\Precisionscan Pro 3.1\hpsjbmgr.exe
    O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /logon
    O4 - HKLM\..\Run: [mdac_runonce] C:\WINNT\System32\runonce.exe
    O4 - HKLM\..\Run: [QuickTime Task] C:\WINNT\System32\qttask.exe
    O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
    O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
    O4 - HKLM\..\Run: [ee.exe] C:\Program Files\EE\ee.exe
    O4 - Startup: PowerReg SchedulerV2.exe
    O4 - Global Startup: Iomega Startup Options.lnk = D:\Iomega\Tools_NT\STARTNT.EXE
    O4 - Global Startup: Iomega Icons.lnk = C:\Program Files\Iomega\Tools_NT\IMGICON.EXE
    O4 - Global Startup: Refresh.lnk = D:\Iomega\Tools_NT\REFRESH.EXE
    O4 - Global Startup: Quicken Startup.lnk = D:\QUICKEN\QWDLLS.EXE
    O4 - Global Startup: Billminder.lnk = E:\QUICKEN\BILLMIND.EXE
    O4 - Global Startup: SonnReg.lnk = E:\ecolor\Registration\SonnReg.exe
    O4 - Global Startup: Colorific.lnk = E:\ecolor\Colorific\hgcctl95.exe
    O4 - Global Startup: True Internet Color Icon.lnk = E:\ecolor\True Internet Color\TICIcon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O13 - WWW. Prefix: http://
    O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
     
  6. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    R3 - URLSearchHook: (no name) - {434F09D5-E688-C1E0-1937-9E7DF66BF3D8} - C:\WINNT\Ohsvvtse.dll

    O2 - BHO: (no name) - SOFTWARE - (no file)

    O2 - BHO: (no name) - {4F879DE4-F1BD-1333-FD4B-2752526BE6D1} - C:\WINNT\Ohsvvtse.dll

    O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINNT\System32\nvms.dll

    O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINNT\System32\mscb.dll

    O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINNT\System32\msbe.dll

    O3 - Toolbar: Search - {0A8A7232-20FB-617D-B1C5-C0E83E6F6D13} - C:\WINNT\Ohsvvtse.dll

    O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe

    O4 - Startup: PowerReg SchedulerV2.exe

    O13 - WWW. Prefix: http://


    Restart to safe mode and delete the C:\installer folder.

    Also in safe mode navigate to the C:\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

    Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


    Empty the Recycle Bin

    How to start your computer in safe mode
     
  7. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/272428

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice