
Please help

1K views 5 replies 2 participants last post by  Flrman1 
#1 ·
Hi I'm new here. I found an old thread with the exact same problem, namely the dreaded rb32.exe and more popups than you could shake a stick at. Here is the info from "hijack this". Any help will be greatly appreciated. A big thanks to the_donner for steering me in the right direction.

Logfile of HijackThis v1.98.2
Scan saved at 1:49:35 PM, on 9/9/04
Platform: Windows NT 4 SP6 (WinNT 4.00.1381)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\spoolss.exe
C:\WINNT\System32\drivers\CDAC11BA.EXE
C:\WINNT\system32\CPQAlert.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINNT\system32\RpcSs.exe
c:\winnt\system32\pstores.exe
C:\WINNT\system32\MSTask.exe
C:\DMINT40\WIN32\bin\Win32SL.exe
C:\WINNT\system32\CPQDMI.exe
C:\WINNT\System32\nddeagnt.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\SysTray.Exe
C:\WINNT\System32\PROMon.exe
C:\WINNT\System32\CHKADMIN.EXE
C:\Program Files\Intuit\QAgent\QAGENT.EXE
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINNT\System32\qttask.exe
C:\WINNT\System32\loadwc.exe
C:\TEMP\1122.exe
C:\Program Files\Common files\updmgr\updmgr.exe
C:\Program Files\EE\ee.exe
C:\Program Files\Iomega\Tools_NT\IMGICON.EXE
D:\QUICKEN\QWDLLS.EXE
E:\ecolor\Colorific\hgcctl95.exe
E:\ecolor\True Internet Color\TICIcon.exe
C:\WINNT\SYSTEM32\cdplayer.exe
C:\Program Files\Microsoft Office\Office\findfast.exe
C:\WINNT\System32\ddhelp.exe
C:\PROGRA~1\Plus!\MICROS~1\iexplore.exe
d:\WinZip\winzip32.exe
C:\TEMP\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\TEMP\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.searchenhancement.com/nph-enhanced.cgi?affid=sesm&sstring=
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.searchenhancement.com/nph-enhanced.cgi?affid=sesm&sstring=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.2:80
R3 - URLSearchHook: (no name) - {434F09D5-E688-C1E0-1937-9E7DF66BF3D8} - C:\WINNT\Ohsvvtse.dll
F2 - REG:system.ini: UserInit=userinit,nddeagnt.exe
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: CSIECore Class - {00000000-0000-0000-0000-000000000221} - C:\Progra~1\ClearSearch\CSIE.DLL
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINNT\bxxs5.dll
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O2 - BHO: (no name) - {4F879DE4-F1BD-1333-FD4B-2752526BE6D1} - C:\WINNT\Ohsvvtse.dll
O2 - BHO: (no name) - {5A40F2C1-EBF7-11D8-9E29-00901AFD8CB8} - C:\WINNT\System32\msdoh.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINNT\wsem300.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINNT\System32\nvms.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINNT\System32\mscb.dll
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\WINNT\System32\apuc.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINNT\System32\msbe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Search - {0A8A7232-20FB-617D-B1C5-C0E83E6F6D13} - C:\WINNT\Ohsvvtse.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [ChkAdmin] CHKADMIN.EXE
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\Intuit\QAgent\QAGENT.EXE
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [hpsjbmgr] C:\Program Files\Hewlett-Packard\Precisionscan Pro 3.1\hpsjbmgr.exe
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /logon
O4 - HKLM\..\Run: [mdac_runonce] C:\WINNT\System32\runonce.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINNT\System32\qttask.exe
O4 - HKLM\..\Run: [Sentry] C:\WINNT\Sentry.exe
O4 - HKLM\..\Run: [IST Service] C:\WINNT\istsvc.exe
O4 - HKLM\..\Run: [rb32 lptt01] "c:\program files\rb32\rb32.exe"
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINNT\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [ClrSchLoader] \Progra~1\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [ee.exe] C:\Program Files\EE\ee.exe
O4 - HKLM\..\Run: [hkl] C:\WINNT\hkl.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: Iomega Startup Options.lnk = D:\Iomega\Tools_NT\STARTNT.EXE
O4 - Global Startup: Iomega Icons.lnk = C:\Program Files\Iomega\Tools_NT\IMGICON.EXE
O4 - Global Startup: Refresh.lnk = D:\Iomega\Tools_NT\REFRESH.EXE
O4 - Global Startup: Quicken Startup.lnk = D:\QUICKEN\QWDLLS.EXE
O4 - Global Startup: Billminder.lnk = E:\QUICKEN\BILLMIND.EXE
O4 - Global Startup: SonnReg.lnk = E:\ecolor\Registration\SonnReg.exe
O4 - Global Startup: Colorific.lnk = E:\ecolor\Colorific\hgcctl95.exe
O4 - Global Startup: True Internet Color Icon.lnk = E:\ecolor\True Internet Color\TICIcon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Sidesearch - {000007C6-17DF-4438-92A4-DE5537471BA3} - (no file)
O13 - WWW. Prefix: http://
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O18 - Filter: text/html - {5A40F2C0-EBF7-11D8-9E29-009075B12923} - C:\WINNT\System32\msdoh.dll
O18 - Filter: text/plain - {5A40F2C0-EBF7-11D8-9E29-009075B12923} - C:\WINNT\System32\msdoh.dll
 
#2 ·
Hi unifil

Welcome to TSG! :)

First click on the link below to download RBKiller.

Close all browser windows and click on the rbkiller.exe and let it do its thing. It can scan all running programs, detect RapidBlaster, and successfully terminate the process and remove the Run key registry entry. The newest version can also clean up various RapidBlaster remnants.

http://www.wilderssecurity.net/downloads/rbkiller.exe

Restart your computer.

Go here and download Adaware SE.

Install the program and launch it.

First in the main window look in the bottom right corner and click on Check for updates now then click Connect and download the latest reference files.

From main window: Click Start then under Select a scan Mode tick Perform full system scan.

Next deselect Search for negligible risk entries.

Now to scan just click the Next button.

When the scan is finished mark everything for removal and get rid of it. (Right-click the window and choose select all from the drop down menu and click Next)

Restart your computer.

Come back here and post another Hijack This log and we'll get rid of what's left.
 
#3 ·
Thanks firman1 you're awesome! I did everything you said and here is the new hijack log.

Logfile of HijackThis v1.98.2
Scan saved at 11:36:54 AM, on 9/10/04
Platform: Windows NT 4 SP6 (WinNT 4.00.1381)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\spoolss.exe
C:\WINNT\System32\drivers\CDAC11BA.EXE
C:\WINNT\system32\CPQAlert.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINNT\system32\RpcSs.exe
C:\WINNT\System32\nddeagnt.exe
c:\winnt\system32\pstores.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\Explorer.exe
C:\DMINT40\WIN32\bin\Win32SL.exe
C:\WINNT\system32\CPQDMI.exe
C:\WINNT\System32\SysTray.Exe
C:\WINNT\System32\PROMon.exe
C:\WINNT\System32\CHKADMIN.EXE
C:\Program Files\Intuit\QAgent\QAGENT.EXE
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINNT\System32\qttask.exe
C:\TEMP\1124.exe
C:\WINNT\System32\loadwc.exe
C:\Program Files\EE\ee.exe
C:\Program Files\Iomega\Tools_NT\IMGICON.EXE
D:\QUICKEN\QWDLLS.EXE
E:\ecolor\Colorific\hgcctl95.exe
E:\ecolor\True Internet Color\TICIcon.exe
C:\Program Files\Microsoft Office\Office\findfast.exe
C:\WINNT\System32\ddhelp.exe
d:\WinZip\winzip32.exe
C:\TEMP\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\TEMP\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.2:80
R3 - URLSearchHook: (no name) - {434F09D5-E688-C1E0-1937-9E7DF66BF3D8} - C:\WINNT\Ohsvvtse.dll
F2 - REG:system.ini: UserInit=userinit,nddeagnt.exe
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {4F879DE4-F1BD-1333-FD4B-2752526BE6D1} - C:\WINNT\Ohsvvtse.dll
O2 - BHO: (no name) - {5A40F2C1-EBF7-11D8-9E29-00901AFD8CB8} - C:\WINNT\System32\msdoh.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINNT\System32\nvms.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINNT\System32\mscb.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINNT\System32\msbe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Search - {0A8A7232-20FB-617D-B1C5-C0E83E6F6D13} - C:\WINNT\Ohsvvtse.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [ChkAdmin] CHKADMIN.EXE
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\Intuit\QAgent\QAGENT.EXE
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [hpsjbmgr] C:\Program Files\Hewlett-Packard\Precisionscan Pro 3.1\hpsjbmgr.exe
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /logon
O4 - HKLM\..\Run: [mdac_runonce] C:\WINNT\System32\runonce.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINNT\System32\qttask.exe
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [ee.exe] C:\Program Files\EE\ee.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: Iomega Startup Options.lnk = D:\Iomega\Tools_NT\STARTNT.EXE
O4 - Global Startup: Iomega Icons.lnk = C:\Program Files\Iomega\Tools_NT\IMGICON.EXE
O4 - Global Startup: Refresh.lnk = D:\Iomega\Tools_NT\REFRESH.EXE
O4 - Global Startup: Quicken Startup.lnk = D:\QUICKEN\QWDLLS.EXE
O4 - Global Startup: Billminder.lnk = E:\QUICKEN\BILLMIND.EXE
O4 - Global Startup: SonnReg.lnk = E:\ecolor\Registration\SonnReg.exe
O4 - Global Startup: Colorific.lnk = E:\ecolor\Colorific\hgcctl95.exe
O4 - Global Startup: True Internet Color Icon.lnk = E:\ecolor\True Internet Color\TICIcon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O13 - WWW. Prefix: http://
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O18 - Filter: text/html - {96666A02-0356-11D9-9E41-00907F22E23B} - C:\WINNT\System32\msdoh.dll
O18 - Filter: text/plain - {96666A02-0356-11D9-9E41-00907F22E23B} - C:\WINNT\System32\msdoh.dll
 
#4 ·
Click here to download CWShredder. Close all browser windows, click on the cwshredder.exe then click "Fix" (Not "Scan only") and let it do its thing.

When it is finished restart your computer.

Come back here and post another Hijack This log and we'll get rid of what's left.
 
#5 ·
I really appreciate your help firman1. I'll definitely be clicking the donation link. Here is the hijack log after I completed your latest instructions. Thanks again.

Logfile of HijackThis v1.98.2
Scan saved at 12:42:45 PM, on 9/10/04
Platform: Windows NT 4 SP6 (WinNT 4.00.1381)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\spoolss.exe
C:\WINNT\System32\drivers\CDAC11BA.EXE
C:\WINNT\system32\CPQAlert.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINNT\system32\RpcSs.exe
c:\winnt\system32\pstores.exe
C:\WINNT\system32\MSTask.exe
C:\DMINT40\WIN32\bin\Win32SL.exe
C:\WINNT\system32\CPQDMI.exe
C:\WINNT\System32\nddeagnt.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\SysTray.Exe
C:\WINNT\System32\PROMon.exe
C:\WINNT\System32\CHKADMIN.EXE
C:\Program Files\Intuit\QAgent\QAGENT.EXE
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINNT\System32\qttask.exe
C:\WINNT\System32\loadwc.exe
C:\TEMP\1125.exe
C:\Program Files\EE\ee.exe
C:\Program Files\Iomega\Tools_NT\IMGICON.EXE
D:\QUICKEN\QWDLLS.EXE
E:\ecolor\Colorific\hgcctl95.exe
E:\ecolor\True Internet Color\TICIcon.exe
C:\Program Files\Microsoft Office\Office\findfast.exe
d:\WinZip\winzip32.exe
C:\TEMP\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.latimes.com/sports/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.2:80
R3 - URLSearchHook: (no name) - {434F09D5-E688-C1E0-1937-9E7DF66BF3D8} - C:\WINNT\Ohsvvtse.dll
F2 - REG:system.ini: UserInit=userinit,nddeagnt.exe
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {4F879DE4-F1BD-1333-FD4B-2752526BE6D1} - C:\WINNT\Ohsvvtse.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINNT\System32\nvms.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINNT\System32\mscb.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINNT\System32\msbe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Search - {0A8A7232-20FB-617D-B1C5-C0E83E6F6D13} - C:\WINNT\Ohsvvtse.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [ChkAdmin] CHKADMIN.EXE
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\Intuit\QAgent\QAGENT.EXE
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [hpsjbmgr] C:\Program Files\Hewlett-Packard\Precisionscan Pro 3.1\hpsjbmgr.exe
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /logon
O4 - HKLM\..\Run: [mdac_runonce] C:\WINNT\System32\runonce.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINNT\System32\qttask.exe
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [ee.exe] C:\Program Files\EE\ee.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: Iomega Startup Options.lnk = D:\Iomega\Tools_NT\STARTNT.EXE
O4 - Global Startup: Iomega Icons.lnk = C:\Program Files\Iomega\Tools_NT\IMGICON.EXE
O4 - Global Startup: Refresh.lnk = D:\Iomega\Tools_NT\REFRESH.EXE
O4 - Global Startup: Quicken Startup.lnk = D:\QUICKEN\QWDLLS.EXE
O4 - Global Startup: Billminder.lnk = E:\QUICKEN\BILLMIND.EXE
O4 - Global Startup: SonnReg.lnk = E:\ecolor\Registration\SonnReg.exe
O4 - Global Startup: Colorific.lnk = E:\ecolor\Colorific\hgcctl95.exe
O4 - Global Startup: True Internet Color Icon.lnk = E:\ecolor\True Internet Color\TICIcon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O13 - WWW. Prefix: http://
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
 
#6 ·
Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: (no name) - {434F09D5-E688-C1E0-1937-9E7DF66BF3D8} - C:\WINNT\Ohsvvtse.dll

O2 - BHO: (no name) - SOFTWARE - (no file)

O2 - BHO: (no name) - {4F879DE4-F1BD-1333-FD4B-2752526BE6D1} - C:\WINNT\Ohsvvtse.dll

O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINNT\System32\nvms.dll

O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINNT\System32\mscb.dll

O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINNT\System32\msbe.dll

O3 - Toolbar: Search - {0A8A7232-20FB-617D-B1C5-C0E83E6F6D13} - C:\WINNT\Ohsvvtse.dll

O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe

O4 - Startup: PowerReg SchedulerV2.exe

O13 - WWW. Prefix: http://


Restart to safe mode and delete the C:\installer folder.

Also in safe mode navigate to the C:\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.

Empty the Recycle Bin

How to start your computer in safe mode
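
Added example, not part of the thread and not code from HijackThis: a small Python parser that compares two HijackThis logs like the ones posted above and reports which entries a cleanup pass removed, which remain, and which came back under a new CLSID (as the msdoh.dll O18 filter does between the first and second logs). The function names are this example's own, and the two short logs are excerpts copied from the logs in posts #1 and #3.

```python
import re

# Entry lines look like "O2 - BHO: ..."; header and process-path lines do not match.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|O\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Sample input: a few lines excerpted from the first and second logs in this thread.
LOG_BEFORE = r"""Logfile of HijackThis v1.98.2
Running processes:
C:\WINNT\Explorer.exe
O2 - BHO: CSIECore Class - {00000000-0000-0000-0000-000000000221} - C:\Progra~1\ClearSearch\CSIE.DLL
O2 - BHO: (no name) - {4F879DE4-F1BD-1333-FD4B-2752526BE6D1} - C:\WINNT\Ohsvvtse.dll
O4 - HKLM\..\Run: [rb32 lptt01] "c:\program files\rb32\rb32.exe"
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O18 - Filter: text/html - {5A40F2C0-EBF7-11D8-9E29-009075B12923} - C:\WINNT\System32\msdoh.dll
"""
LOG_AFTER = r"""Logfile of HijackThis v1.98.2
Running processes:
C:\WINNT\Explorer.exe
O2 - BHO: (no name) - {4F879DE4-F1BD-1333-FD4B-2752526BE6D1} - C:\WINNT\Ohsvvtse.dll
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O18 - Filter: text/html - {96666A02-0356-11D9-9E41-00907F22E23B} - C:\WINNT\System32\msdoh.dll
"""

def parse_entries(log_text):
    """Return the set of (section, body) entry tuples found in a log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2).strip()))
    return entries

def normalise(entry):
    """Key that ignores the CLSID and letter case, so a re-registered DLL still matches."""
    section, body = entry
    return section, CLSID_RE.sub("{*}", body).lower()

def diff_logs(before_text, after_text):
    """Classify entries as removed, remaining, or re-registered under a new CLSID."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    gone, added = before - after, after - before
    gone_keys = {normalise(e) for e in gone}
    added_keys = {normalise(e) for e in added}
    return {
        "removed": sorted(e for e in gone if normalise(e) not in added_keys),
        "remaining": sorted(before & after),
        "reregistered": sorted(e for e in added if normalise(e) in gone_keys),
    }

if __name__ == "__main__":
    for status, entries in diff_logs(LOG_BEFORE, LOG_AFTER).items():
        for section, body in entries:
            print(f"{status:12} {section} - {body}")
```

A plain line-by-line diff would list the msdoh.dll filter as one entry removed and one added; matching on everything except the CLSID shows it is the same DLL still registered.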
 