Please help

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

unifil

Thread Starter
Joined
Sep 9, 2004
Messages
11
Hi I'm new here. I found an old thread with the exact same problem, namely the dreaded rb32.exe and more popups than you could shake a stick at. Here is the info from "hijack this". Any help with be greatly appreciated. A big thanks to the_donner for steering me in the right direction.

Logfile of HijackThis v1.98.2
Scan saved at 1:49:35 PM, on 9/9/04
Platform: Windows NT 4 SP6 (WinNT 4.00.1381)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\spoolss.exe
C:\WINNT\System32\drivers\CDAC11BA.EXE
C:\WINNT\system32\CPQAlert.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINNT\system32\RpcSs.exe
c:\winnt\system32\pstores.exe
C:\WINNT\system32\MSTask.exe
C:\DMINT40\WIN32\bin\Win32SL.exe
C:\WINNT\system32\CPQDMI.exe
C:\WINNT\System32\nddeagnt.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\SysTray.Exe
C:\WINNT\System32\PROMon.exe
C:\WINNT\System32\CHKADMIN.EXE
C:\Program Files\Intuit\QAgent\QAGENT.EXE
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINNT\System32\qttask.exe
C:\WINNT\System32\loadwc.exe
C:\TEMP\1122.exe
C:\Program Files\Common files\updmgr\updmgr.exe
C:\Program Files\EE\ee.exe
C:\Program Files\Iomega\Tools_NT\IMGICON.EXE
D:\QUICKEN\QWDLLS.EXE
E:\ecolor\Colorific\hgcctl95.exe
E:\ecolor\True Internet Color\TICIcon.exe
C:\WINNT\SYSTEM32\cdplayer.exe
C:\Program Files\Microsoft Office\Office\findfast.exe
C:\WINNT\System32\ddhelp.exe
C:\PROGRA~1\Plus!\MICROS~1\iexplore.exe
d:\WinZip\winzip32.exe
C:\TEMP\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\TEMP\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.searchenhancement.com/nph-enhanced.cgi?affid=sesm&sstring=
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.searchenhancement.com/nph-enhanced.cgi?affid=sesm&sstring=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.2:80
R3 - URLSearchHook: (no name) - {434F09D5-E688-C1E0-1937-9E7DF66BF3D8} - C:\WINNT\Ohsvvtse.dll
F2 - REG:system.ini: UserInit=userinit,nddeagnt.exe
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: CSIECore Class - {00000000-0000-0000-0000-000000000221} - C:\Progra~1\ClearSearch\CSIE.DLL
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINNT\bxxs5.dll
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O2 - BHO: (no name) - {4F879DE4-F1BD-1333-FD4B-2752526BE6D1} - C:\WINNT\Ohsvvtse.dll
O2 - BHO: (no name) - {5A40F2C1-EBF7-11D8-9E29-00901AFD8CB8} - C:\WINNT\System32\msdoh.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINNT\wsem300.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINNT\System32\nvms.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINNT\System32\mscb.dll
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\WINNT\System32\apuc.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINNT\System32\msbe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Search - {0A8A7232-20FB-617D-B1C5-C0E83E6F6D13} - C:\WINNT\Ohsvvtse.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [ChkAdmin] CHKADMIN.EXE
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\Intuit\QAgent\QAGENT.EXE
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [hpsjbmgr] C:\Program Files\Hewlett-Packard\Precisionscan Pro 3.1\hpsjbmgr.exe
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /logon
O4 - HKLM\..\Run: [mdac_runonce] C:\WINNT\System32\runonce.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINNT\System32\qttask.exe
O4 - HKLM\..\Run: [Sentry] C:\WINNT\Sentry.exe
O4 - HKLM\..\Run: [IST Service] C:\WINNT\istsvc.exe
O4 - HKLM\..\Run: [rb32 lptt01] "c:\program files\rb32\rb32.exe"
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINNT\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [ClrSchLoader] \Progra~1\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [ee.exe] C:\Program Files\EE\ee.exe
O4 - HKLM\..\Run: [hkl] C:\WINNT\hkl.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: Iomega Startup Options.lnk = D:\Iomega\Tools_NT\STARTNT.EXE
O4 - Global Startup: Iomega Icons.lnk = C:\Program Files\Iomega\Tools_NT\IMGICON.EXE
O4 - Global Startup: Refresh.lnk = D:\Iomega\Tools_NT\REFRESH.EXE
O4 - Global Startup: Quicken Startup.lnk = D:\QUICKEN\QWDLLS.EXE
O4 - Global Startup: Billminder.lnk = E:\QUICKEN\BILLMIND.EXE
O4 - Global Startup: SonnReg.lnk = E:\ecolor\Registration\SonnReg.exe
O4 - Global Startup: Colorific.lnk = E:\ecolor\Colorific\hgcctl95.exe
O4 - Global Startup: True Internet Color Icon.lnk = E:\ecolor\True Internet Color\TICIcon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Sidesearch - {000007C6-17DF-4438-92A4-DE5537471BA3} - (no file)
O13 - WWW. Prefix: http://
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O18 - Filter: text/html - {5A40F2C0-EBF7-11D8-9E29-009075B12923} - C:\WINNT\System32\msdoh.dll
O18 - Filter: text/plain - {5A40F2C0-EBF7-11D8-9E29-009075B12923} - C:\WINNT\System32\msdoh.dll
 
Joined
Jul 26, 2002
Messages
46,349
Hi unifil

Welcome to TSG! :)

First click on the link below to download RBKiller.

Close all browser windows and click on the rbkiller.exe and let it do it's thing. It can scan all running programs, detect RapidBlaster, and successfully terminate the process and remove the Run key registry entry. The newest version can also clean up various RapidBlaster remnants.


http://www.wilderssecurity.net/downloads/rbkiller.exe

Restart your computer.


Go here and download Adaware SE.

Install the program and launch it.

First in the main window look in the bottom right corner and click on Check for updates now then click Connect and download the latest reference files.

From main window :Click Start then under Select a scan Mode tick Perform full system scan.

Next deselect Search for negligible risk entries.

Now to scan just click the Next button.

When the scan is finished mark everything for removal and get rid of it.(Right-click the window and choose select all from the drop down menu and click Next)

Restart your computer.

Come back here and post another Hijack This log and we'll get rid of what's left.
 

unifil

Thread Starter
Joined
Sep 9, 2004
Messages
11
Thanks firman1 you're awesome! I did everything you said and here is the new hijack log.

Logfile of HijackThis v1.98.2
Scan saved at 11:36:54 AM, on 9/10/04
Platform: Windows NT 4 SP6 (WinNT 4.00.1381)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\spoolss.exe
C:\WINNT\System32\drivers\CDAC11BA.EXE
C:\WINNT\system32\CPQAlert.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINNT\system32\RpcSs.exe
C:\WINNT\System32\nddeagnt.exe
c:\winnt\system32\pstores.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\Explorer.exe
C:\DMINT40\WIN32\bin\Win32SL.exe
C:\WINNT\system32\CPQDMI.exe
C:\WINNT\System32\SysTray.Exe
C:\WINNT\System32\PROMon.exe
C:\WINNT\System32\CHKADMIN.EXE
C:\Program Files\Intuit\QAgent\QAGENT.EXE
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINNT\System32\qttask.exe
C:\TEMP\1124.exe
C:\WINNT\System32\loadwc.exe
C:\Program Files\EE\ee.exe
C:\Program Files\Iomega\Tools_NT\IMGICON.EXE
D:\QUICKEN\QWDLLS.EXE
E:\ecolor\Colorific\hgcctl95.exe
E:\ecolor\True Internet Color\TICIcon.exe
C:\Program Files\Microsoft Office\Office\findfast.exe
C:\WINNT\System32\ddhelp.exe
d:\WinZip\winzip32.exe
C:\TEMP\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\TEMP\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.2:80
R3 - URLSearchHook: (no name) - {434F09D5-E688-C1E0-1937-9E7DF66BF3D8} - C:\WINNT\Ohsvvtse.dll
F2 - REG:system.ini: UserInit=userinit,nddeagnt.exe
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {4F879DE4-F1BD-1333-FD4B-2752526BE6D1} - C:\WINNT\Ohsvvtse.dll
O2 - BHO: (no name) - {5A40F2C1-EBF7-11D8-9E29-00901AFD8CB8} - C:\WINNT\System32\msdoh.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINNT\System32\nvms.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINNT\System32\mscb.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINNT\System32\msbe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Search - {0A8A7232-20FB-617D-B1C5-C0E83E6F6D13} - C:\WINNT\Ohsvvtse.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [ChkAdmin] CHKADMIN.EXE
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\Intuit\QAgent\QAGENT.EXE
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [hpsjbmgr] C:\Program Files\Hewlett-Packard\Precisionscan Pro 3.1\hpsjbmgr.exe
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /logon
O4 - HKLM\..\Run: [mdac_runonce] C:\WINNT\System32\runonce.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINNT\System32\qttask.exe
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [ee.exe] C:\Program Files\EE\ee.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: Iomega Startup Options.lnk = D:\Iomega\Tools_NT\STARTNT.EXE
O4 - Global Startup: Iomega Icons.lnk = C:\Program Files\Iomega\Tools_NT\IMGICON.EXE
O4 - Global Startup: Refresh.lnk = D:\Iomega\Tools_NT\REFRESH.EXE
O4 - Global Startup: Quicken Startup.lnk = D:\QUICKEN\QWDLLS.EXE
O4 - Global Startup: Billminder.lnk = E:\QUICKEN\BILLMIND.EXE
O4 - Global Startup: SonnReg.lnk = E:\ecolor\Registration\SonnReg.exe
O4 - Global Startup: Colorific.lnk = E:\ecolor\Colorific\hgcctl95.exe
O4 - Global Startup: True Internet Color Icon.lnk = E:\ecolor\True Internet Color\TICIcon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O13 - WWW. Prefix: http://
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O18 - Filter: text/html - {96666A02-0356-11D9-9E41-00907F22E23B} - C:\WINNT\System32\msdoh.dll
O18 - Filter: text/plain - {96666A02-0356-11D9-9E41-00907F22E23B} - C:\WINNT\System32\msdoh.dll
 
Joined
Jul 26, 2002
Messages
46,349
Click here to download CWShredder. Close all browser windows, click on the cwshredder.exe then click "Fix" (Not "Scan only") and let it do it's thing.

When it is finished restart your computer.

Come back here and post another Hijack This log and we'll get rid of what's left.
 

unifil

Thread Starter
Joined
Sep 9, 2004
Messages
11
I really appreciate your help firman1. I'll definitely be clicking the donation link. Here is the hijack log after I completed your latest instructions. Thanks again.

Logfile of HijackThis v1.98.2
Scan saved at 12:42:45 PM, on 9/10/04
Platform: Windows NT 4 SP6 (WinNT 4.00.1381)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\spoolss.exe
C:\WINNT\System32\drivers\CDAC11BA.EXE
C:\WINNT\system32\CPQAlert.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINNT\system32\RpcSs.exe
c:\winnt\system32\pstores.exe
C:\WINNT\system32\MSTask.exe
C:\DMINT40\WIN32\bin\Win32SL.exe
C:\WINNT\system32\CPQDMI.exe
C:\WINNT\System32\nddeagnt.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\SysTray.Exe
C:\WINNT\System32\PROMon.exe
C:\WINNT\System32\CHKADMIN.EXE
C:\Program Files\Intuit\QAgent\QAGENT.EXE
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINNT\System32\qttask.exe
C:\WINNT\System32\loadwc.exe
C:\TEMP\1125.exe
C:\Program Files\EE\ee.exe
C:\Program Files\Iomega\Tools_NT\IMGICON.EXE
D:\QUICKEN\QWDLLS.EXE
E:\ecolor\Colorific\hgcctl95.exe
E:\ecolor\True Internet Color\TICIcon.exe
C:\Program Files\Microsoft Office\Office\findfast.exe
d:\WinZip\winzip32.exe
C:\TEMP\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.latimes.com/sports/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.2:80
R3 - URLSearchHook: (no name) - {434F09D5-E688-C1E0-1937-9E7DF66BF3D8} - C:\WINNT\Ohsvvtse.dll
F2 - REG:system.ini: UserInit=userinit,nddeagnt.exe
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {4F879DE4-F1BD-1333-FD4B-2752526BE6D1} - C:\WINNT\Ohsvvtse.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINNT\System32\nvms.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINNT\System32\mscb.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINNT\System32\msbe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Search - {0A8A7232-20FB-617D-B1C5-C0E83E6F6D13} - C:\WINNT\Ohsvvtse.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [ChkAdmin] CHKADMIN.EXE
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\Intuit\QAgent\QAGENT.EXE
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [hpsjbmgr] C:\Program Files\Hewlett-Packard\Precisionscan Pro 3.1\hpsjbmgr.exe
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /logon
O4 - HKLM\..\Run: [mdac_runonce] C:\WINNT\System32\runonce.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINNT\System32\qttask.exe
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [ee.exe] C:\Program Files\EE\ee.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: Iomega Startup Options.lnk = D:\Iomega\Tools_NT\STARTNT.EXE
O4 - Global Startup: Iomega Icons.lnk = C:\Program Files\Iomega\Tools_NT\IMGICON.EXE
O4 - Global Startup: Refresh.lnk = D:\Iomega\Tools_NT\REFRESH.EXE
O4 - Global Startup: Quicken Startup.lnk = D:\QUICKEN\QWDLLS.EXE
O4 - Global Startup: Billminder.lnk = E:\QUICKEN\BILLMIND.EXE
O4 - Global Startup: SonnReg.lnk = E:\ecolor\Registration\SonnReg.exe
O4 - Global Startup: Colorific.lnk = E:\ecolor\Colorific\hgcctl95.exe
O4 - Global Startup: True Internet Color Icon.lnk = E:\ecolor\True Internet Color\TICIcon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O13 - WWW. Prefix: http://
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
 
Joined
Jul 26, 2002
Messages
46,349
Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: (no name) - {434F09D5-E688-C1E0-1937-9E7DF66BF3D8} - C:\WINNT\Ohsvvtse.dll

O2 - BHO: (no name) - SOFTWARE - (no file)

O2 - BHO: (no name) - {4F879DE4-F1BD-1333-FD4B-2752526BE6D1} - C:\WINNT\Ohsvvtse.dll

O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINNT\System32\nvms.dll

O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINNT\System32\mscb.dll

O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINNT\System32\msbe.dll

O3 - Toolbar: Search - {0A8A7232-20FB-617D-B1C5-C0E83E6F6D13} - C:\WINNT\Ohsvvtse.dll

O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe

O4 - Startup: PowerReg SchedulerV2.exe

O13 - WWW. Prefix: http://


Restart to safe mode and delete the C:\installer folder.

Also in safe mode navigate to the C:\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


Empty the Recycle Bin

How to start your computer in safe mode
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top