Hi I'm new here. I found an old thread with the exact same problem, namely the dreaded rb32.exe and more popups than you could shake a stick at. Here is the info from "hijack this". Any help with be greatly appreciated. A big thanks to the_donner for steering me in the right direction.
Logfile of HijackThis v1.98.2
Scan saved at 1:49:35 PM, on 9/9/04
Platform: Windows NT 4 SP6 (WinNT 4.00.1381)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\spoolss.exe
C:\WINNT\System32\drivers\CDAC11BA.EXE
C:\WINNT\system32\CPQAlert.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINNT\system32\RpcSs.exe
c:\winnt\system32\pstores.exe
C:\WINNT\system32\MSTask.exe
C:\DMINT40\WIN32\bin\Win32SL.exe
C:\WINNT\system32\CPQDMI.exe
C:\WINNT\System32\nddeagnt.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\SysTray.Exe
C:\WINNT\System32\PROMon.exe
C:\WINNT\System32\CHKADMIN.EXE
C:\Program Files\Intuit\QAgent\QAGENT.EXE
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINNT\System32\qttask.exe
C:\WINNT\System32\loadwc.exe
C:\TEMP\1122.exe
C:\Program Files\Common files\updmgr\updmgr.exe
C:\Program Files\EE\ee.exe
C:\Program Files\Iomega\Tools_NT\IMGICON.EXE
D:\QUICKEN\QWDLLS.EXE
E:\ecolor\Colorific\hgcctl95.exe
E:\ecolor\True Internet Color\TICIcon.exe
C:\WINNT\SYSTEM32\cdplayer.exe
C:\Program Files\Microsoft Office\Office\findfast.exe
C:\WINNT\System32\ddhelp.exe
C:\PROGRA~1\Plus!\MICROS~1\iexplore.exe
d:\WinZip\winzip32.exe
C:\TEMP\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\TEMP\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.searchenhancement.com/nph-enhanced.cgi?affid=sesm&sstring=
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.searchenhancement.com/nph-enhanced.cgi?affid=sesm&sstring=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.2:80
R3 - URLSearchHook: (no name) - {434F09D5-E688-C1E0-1937-9E7DF66BF3D8} - C:\WINNT\Ohsvvtse.dll
F2 - REG:system.ini: UserInit=userinit,nddeagnt.exe
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: CSIECore Class - {00000000-0000-0000-0000-000000000221} - C:\Progra~1\ClearSearch\CSIE.DLL
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINNT\bxxs5.dll
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O2 - BHO: (no name) - {4F879DE4-F1BD-1333-FD4B-2752526BE6D1} - C:\WINNT\Ohsvvtse.dll
O2 - BHO: (no name) - {5A40F2C1-EBF7-11D8-9E29-00901AFD8CB8} - C:\WINNT\System32\msdoh.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINNT\wsem300.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINNT\System32\nvms.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINNT\System32\mscb.dll
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\WINNT\System32\apuc.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINNT\System32\msbe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Search - {0A8A7232-20FB-617D-B1C5-C0E83E6F6D13} - C:\WINNT\Ohsvvtse.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [ChkAdmin] CHKADMIN.EXE
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\Intuit\QAgent\QAGENT.EXE
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [hpsjbmgr] C:\Program Files\Hewlett-Packard\Precisionscan Pro 3.1\hpsjbmgr.exe
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /logon
O4 - HKLM\..\Run: [mdac_runonce] C:\WINNT\System32\runonce.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINNT\System32\qttask.exe
O4 - HKLM\..\Run: [Sentry] C:\WINNT\Sentry.exe
O4 - HKLM\..\Run: [IST Service] C:\WINNT\istsvc.exe
O4 - HKLM\..\Run: [rb32 lptt01] "c:\program files\rb32\rb32.exe"
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINNT\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [ClrSchLoader] \Progra~1\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [ee.exe] C:\Program Files\EE\ee.exe
O4 - HKLM\..\Run: [hkl] C:\WINNT\hkl.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: Iomega Startup Options.lnk = D:\Iomega\Tools_NT\STARTNT.EXE
O4 - Global Startup: Iomega Icons.lnk = C:\Program Files\Iomega\Tools_NT\IMGICON.EXE
O4 - Global Startup: Refresh.lnk = D:\Iomega\Tools_NT\REFRESH.EXE
O4 - Global Startup: Quicken Startup.lnk = D:\QUICKEN\QWDLLS.EXE
O4 - Global Startup: Billminder.lnk = E:\QUICKEN\BILLMIND.EXE
O4 - Global Startup: SonnReg.lnk = E:\ecolor\Registration\SonnReg.exe
O4 - Global Startup: Colorific.lnk = E:\ecolor\Colorific\hgcctl95.exe
O4 - Global Startup: True Internet Color Icon.lnk = E:\ecolor\True Internet Color\TICIcon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Sidesearch - {000007C6-17DF-4438-92A4-DE5537471BA3} - (no file)
O13 - WWW. Prefix: http://
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O18 - Filter: text/html - {5A40F2C0-EBF7-11D8-9E29-009075B12923} - C:\WINNT\System32\msdoh.dll
O18 - Filter: text/plain - {5A40F2C0-EBF7-11D8-9E29-009075B12923} - C:\WINNT\System32\msdoh.dll
Logfile of HijackThis v1.98.2
Scan saved at 1:49:35 PM, on 9/9/04
Platform: Windows NT 4 SP6 (WinNT 4.00.1381)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\spoolss.exe
C:\WINNT\System32\drivers\CDAC11BA.EXE
C:\WINNT\system32\CPQAlert.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINNT\system32\RpcSs.exe
c:\winnt\system32\pstores.exe
C:\WINNT\system32\MSTask.exe
C:\DMINT40\WIN32\bin\Win32SL.exe
C:\WINNT\system32\CPQDMI.exe
C:\WINNT\System32\nddeagnt.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\SysTray.Exe
C:\WINNT\System32\PROMon.exe
C:\WINNT\System32\CHKADMIN.EXE
C:\Program Files\Intuit\QAgent\QAGENT.EXE
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINNT\System32\qttask.exe
C:\WINNT\System32\loadwc.exe
C:\TEMP\1122.exe
C:\Program Files\Common files\updmgr\updmgr.exe
C:\Program Files\EE\ee.exe
C:\Program Files\Iomega\Tools_NT\IMGICON.EXE
D:\QUICKEN\QWDLLS.EXE
E:\ecolor\Colorific\hgcctl95.exe
E:\ecolor\True Internet Color\TICIcon.exe
C:\WINNT\SYSTEM32\cdplayer.exe
C:\Program Files\Microsoft Office\Office\findfast.exe
C:\WINNT\System32\ddhelp.exe
C:\PROGRA~1\Plus!\MICROS~1\iexplore.exe
d:\WinZip\winzip32.exe
C:\TEMP\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\TEMP\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.searchenhancement.com/nph-enhanced.cgi?affid=sesm&sstring=
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.searchenhancement.com/nph-enhanced.cgi?affid=sesm&sstring=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.2:80
R3 - URLSearchHook: (no name) - {434F09D5-E688-C1E0-1937-9E7DF66BF3D8} - C:\WINNT\Ohsvvtse.dll
F2 - REG:system.ini: UserInit=userinit,nddeagnt.exe
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: CSIECore Class - {00000000-0000-0000-0000-000000000221} - C:\Progra~1\ClearSearch\CSIE.DLL
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINNT\bxxs5.dll
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O2 - BHO: (no name) - {4F879DE4-F1BD-1333-FD4B-2752526BE6D1} - C:\WINNT\Ohsvvtse.dll
O2 - BHO: (no name) - {5A40F2C1-EBF7-11D8-9E29-00901AFD8CB8} - C:\WINNT\System32\msdoh.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINNT\wsem300.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINNT\System32\nvms.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINNT\System32\mscb.dll
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\WINNT\System32\apuc.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINNT\System32\msbe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Search - {0A8A7232-20FB-617D-B1C5-C0E83E6F6D13} - C:\WINNT\Ohsvvtse.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [ChkAdmin] CHKADMIN.EXE
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\Intuit\QAgent\QAGENT.EXE
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [hpsjbmgr] C:\Program Files\Hewlett-Packard\Precisionscan Pro 3.1\hpsjbmgr.exe
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /logon
O4 - HKLM\..\Run: [mdac_runonce] C:\WINNT\System32\runonce.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINNT\System32\qttask.exe
O4 - HKLM\..\Run: [Sentry] C:\WINNT\Sentry.exe
O4 - HKLM\..\Run: [IST Service] C:\WINNT\istsvc.exe
O4 - HKLM\..\Run: [rb32 lptt01] "c:\program files\rb32\rb32.exe"
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINNT\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [ClrSchLoader] \Progra~1\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [ee.exe] C:\Program Files\EE\ee.exe
O4 - HKLM\..\Run: [hkl] C:\WINNT\hkl.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: Iomega Startup Options.lnk = D:\Iomega\Tools_NT\STARTNT.EXE
O4 - Global Startup: Iomega Icons.lnk = C:\Program Files\Iomega\Tools_NT\IMGICON.EXE
O4 - Global Startup: Refresh.lnk = D:\Iomega\Tools_NT\REFRESH.EXE
O4 - Global Startup: Quicken Startup.lnk = D:\QUICKEN\QWDLLS.EXE
O4 - Global Startup: Billminder.lnk = E:\QUICKEN\BILLMIND.EXE
O4 - Global Startup: SonnReg.lnk = E:\ecolor\Registration\SonnReg.exe
O4 - Global Startup: Colorific.lnk = E:\ecolor\Colorific\hgcctl95.exe
O4 - Global Startup: True Internet Color Icon.lnk = E:\ecolor\True Internet Color\TICIcon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Sidesearch - {000007C6-17DF-4438-92A4-DE5537471BA3} - (no file)
O13 - WWW. Prefix: http://
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O18 - Filter: text/html - {5A40F2C0-EBF7-11D8-9E29-009075B12923} - C:\WINNT\System32\msdoh.dll
O18 - Filter: text/plain - {5A40F2C0-EBF7-11D8-9E29-009075B12923} - C:\WINNT\System32\msdoh.dll