COOLWEBSEARCH
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=File : c:\WINDOWS\SYSTEM\SOEM0409.DLL
obj[1]=File : c:\WINDOWS\SYSTEM\ppgfilt.dll
obj[2]=File : C:\WINDOWS\hosts
COOLWEBSEARCH
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=File : c:\WINDOWS\SYSTEM\RECMQCL.DLL
obj[1]=File : c:\WINDOWS\SYSTEM\OCSLB400.DLL
obj[3]=File : c:\WINDOWS\SYSTEM\pppcgm.exe
obj[5]=File : C:\WINDOWS\hosts
When I tried to remove them using AD AWARE I got the following runtime error:
MICROSOFT VISUAL C++ RUNTIME LIBRARY
Runtime Error!
Program: C:\WINDOWS\EXPLORER.EXE
This application has requested the Runtime to terminate it in an unusual way. Please contact the application's support team for more information.
So seeing this, I went and got CWSHREDDER and ran it, and the bloody program didn't even recognize it. I have updated all definitions for all programs on your site. I have run all the way through SPYBOT and finally got fed up and ran HIJACKTHIS so I could get a little insight from the pros. I assume I may just have to reset my hosts file, but the thing is there are 3 of them within my Windows folder:
hosts.bak 824b
Hosts.sam 736b
hosts.*no file extension* 824b <--- I believe this is the culprit!!!
My HIJACKTHIS log file is as follows:
Logfile of HijackThis v1.99.1
Scan saved at 2:42:50 PM, on 2/20/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\DANTZ\RETROSPECT\WDSVC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\PROGRAM FILES\CREATIVE\SB LIVE! 24-BIT\SURROUND MIXER\CTSYSVOL.EXE
C:\PROGRAM FILES\DISK REMOVAL UTILITY - WD\WD2507MON.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZAPRO.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\system32\blank.htm
R3 - URLSearchHook: (no name) - {69CCB321-DD6A-5642-968D-E62ED7F8A771} - SAPSTR.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [WDCBG] C:\WINDOWS\WDCBG.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [WD2507MON] C:\Program Files\Disk Removal Utility - WD\WD2507Mon.exe
O4 - HKLM\..\Run: [gimmygames] C:\\GIMMYGAMES.exe
O4 - HKLM\..\Run: [winsysban] C:\\WINSYSBAN5.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe
O4 - HKLM\..\RunServices: [ATISmart] C:\WINDOWS\SYSTEM\ati2s9ag.exe
O4 - HKLM\..\RunServices: [Retrospect WD Service] C:\PROGRAM FILES\DANTZ\RETROSPECT\WDSVC.EXE
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....015/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15016/CTPID.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.co...aploader_v5.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
If I have missed anything, please let me know so I can more properly inform you. Thanks in advance.
-9to5numbskull