• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
mydeadfriend

Midaddle?

5 posts in this topic

I've updated and run Ad-aware and Spybot but I still can't get rid of this problem. A search on Google brings up very little information about this annoyance, except a few pages. One explains; "Internet Marketing company AdSypre has announce the beta launch of its MidADdle keyword targeted ad system. The system, similar to Claria and WhenU, works once a user has downloaded and opted into the system. The system tracks online behavior matching user keywords in user-entered URLs, web page forms, search forms and click-through destinations which are then mapped against advertiser keywords generating targeted ad delivery. The ad appears as a between-page unit and is presented to the user upon identification by system as they progress from one page to the next. The user can choose to click on the ad, view it for ten seconds or skip it. If the ad is clicked, the user is delivered to the advertiser's site."

 

Every time I begin to load a webpage, it stops at a page that reads something such as:

 

"While your pages loads, check out this special offer.

rerouting...

http://www.dsgsdg.net/... will be finished loading in 1 second.

http://www.dsgsdg.net/... will be finished loading in 2 seconds.

http://www.dsgsdg.net/... will be finished loading in 3 seconds.

http://www.dsgsdg.net/... will be finished loading in 4 seconds.

http://www.dsgsdg.net/... will be finished loading in 5 seconds.

http://www.dsgsdg.net/... will be finished loading in 6 seconds."

 

Or stops at a page that reads "The page cannot be displayed." The URL is something like http://origin.midaddle.com/adView.aspx?req...2F&mac=9400446b It goes to the target page after a moment, but it still slows things down.

 

I have not a single clue in the world how I got this thing on my computer, but I would like it removed as soon as possible. It's making it hard to view required work pages and it's just a plan hassle. Any help would be greatly appreciated. Attached is my Hijack This! log.

 

Logfile of HijackThis v1.97.7

Scan saved at 4:40:47 AM, on 7/2/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\cisvc.exe

C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\Tablet.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\igfxtray.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\LTSMMSG.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe

C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe

C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe

C:\WINDOWS\System32\atwtusb.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE

C:\documents and settings\owner\local settings\temp\hQCDS.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\AIM95\aim.exe

C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Apoint2K\Apntex.exe

C:\WINDOWS\System32\DpaNu4.exe

C:\WINDOWS\System32\UutLEKur.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\psp.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\System32\cidaemon.exe

C:\Program Files\DogProxy2\DogProxy2.exe

C:\Program Files\Furnarchy3\Furnarchy.exe

C:\Program Files\furcadia\furcadia.exe

C:\PROGRA~1\furcadia\fured.exe

C:\Program Files\furcadia\Fcde.exe

C:\WINDOWS\System32\defrag.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\furcadia\furcadia.exe

C:\Documents and Settings\Owner\Desktop\Fanfiction\HijackThis.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\MWSnap\MWSnap.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\furcadia\furcadia.exe

C:\Program Files\furcadia\furcadia.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://69.50.191.51/sp.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://69.50.191.51/hp.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.livejournal.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://69.50.191.51/hp.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.worldnet.att.net

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://69.50.191.51/sp.php

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://autosearch.cc/search.php?qq=

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://default-homepage-network.com/start.cgi?hklm

O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)

O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll

O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll

O2 - BHO: WinPage Affiliate - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Program Files\Common Files\midaddle\midaddle.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Nutshell - {7BA7B95F-9B92-4132-8012-E19B585CAF21} - C:\Program Files\nutshell\nutshell.dll

O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [indicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe

O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe

O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe

O4 - HKLM\..\Run: [Drag'n Drop CD] C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe /StartUp

O4 - HKLM\..\Run: [iPInSightLAN 01] "C:\Program Files\Verizon Online\VisualIPInsight\IPClient.exe" -l

O4 - HKLM\..\Run: [iPInSightMonitor 01] "C:\Program Files\Verizon Online\VisualIPInsight\IPMon32.exe"

O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM95\\DeadAIM.ocm",ExportedCheckODLs

O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta

O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"

O4 - HKLM\..\Run: [hQCDS.exe] C:\documents and settings\owner\local settings\temp\hQCDS.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [3H7GF6L2FGJW8R] C:\WINDOWS\System32\BoaEF.exe

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [Extreme Messenger for AIM] C:\Program Files\Extreme Messenger\ExtremeMessenger.exe nosplash

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - Startup: PowerReg Scheduler.exe

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Verizon Online.lnk = C:\Program Files\Verizon Online\VOLSW\Verizon Online.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O9 - Extra button: Control Pad (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O12 - Plugin for .ipp: C:\Program Files\Internet Explorer\Plugins\npimth32.dll

O12 - Plugin for .ipt: C:\Program Files\Internet Explorer\Plugins\npimth32.dll

O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll

O12 - Plugin for .pic: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll

O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll

O12 - Plugin for .tiff: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.worldnet.att.net

O16 - DPF: ChatSpace Full Java Client 2.1.0.95 - http://chat.justachat.com:8000/Java/cs4fs095.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...322/mcfscan.cab

 

 

EDIT: Now it says this whenever the Midaddle page is displayed.

 

Server Error in '/' Application.

--------------------------------------------------------------------------------

 

Runtime Error

Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine.

 

Details: To enable the details of this specific error message to be viewable on remote machines, please create a <customErrors> tag within a "web.config" configuration file located in the root directory of the current web application. This <customErrors> tag should then have its "mode" attribute set to "Off".

 

 

<!-- Web.Config Configuration File -->

 

<configuration>

<system.web>

<customErrors mode="Off"/>

</system.web>

</configuration>

 

 

Notes: The current error page you are seeing can be replaced by a custom error page by modifying the "defaultRedirect" attribute of the application's <customErrors> configuration tag to point to a custom error page URL.

 

 

<!-- Web.Config Configuration File -->

 

<configuration>

<system.web>

<customErrors mode="RemoteOnly" defaultRedirect="mycustompage.htm"/>

</system.web>

</configuration>

Edited by mydeadfriend

Share this post


Link to post
Share on other sites

It seems you and I have the same problem, MIDADDLE. I've looked at your log and mine and we both have it in our c:\programfiles\commonfiles. Like you my system resources have become very limited, and my browsing has become very slooooow. Anyway, now there are two of us w/ this problem...so I dont feel so bad now. If you get help on this issue lemme know, so I can fix mine.

Edited by Warp Spider

Share this post


Link to post
Share on other sites

Please download CWShredder

This was written to deal with Coolweb and all its variants.

 

Download and run the program. Let it fix everything it finds, and reboot.

 

Run Hijack this again, and post a fresh log so we can deal with whatever is left.

Share this post


Link to post
Share on other sites

I just noticed this today as well. In the c:\programfiles\commonfiles\midaddle folder there's actually an uninstaller for it. They made it quite easy to remove this pest. :lol:

Share this post


Link to post
Share on other sites

I believe that Midaddle was successfully removed. Never would have thought to look there, thehead. Thanks. ;D

 

I ran CWShredder and five registery values were repaired. Got my updated log, taken after the fact. I ran Ad-aware and Spybot after I was done with CW, and rebooted to insure I got everything I could off.

 

Logfile of HijackThis v1.97.7

Scan saved at 6:47:37 PM, on 7/3/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\cisvc.exe

C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\Tablet.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\igfxtray.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\LTSMMSG.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe

C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe

C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe

C:\WINDOWS\System32\atwtusb.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE

C:\documents and settings\owner\local settings\temp\hQCDS.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\AIM95\aim.exe

C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\System32\hymnukn.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Owner\Desktop\Fanfiction\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.livejournal.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.worldnet.att.net

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://default-homepage-network.com/start.cgi?hklm

O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)

O2 - BHO: (no name) - {3EA83475-BF4E-54E5-8724-62550EA42C48} - C:\WINDOWS\System32\zgyz.dll

O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll

O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll

O2 - BHO: WinPage Affiliate - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - (no file)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Nutshell - {7BA7B95F-9B92-4132-8012-E19B585CAF21} - C:\Program Files\nutshell\nutshell.dll

O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [indicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe

O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe

O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe

O4 - HKLM\..\Run: [Drag'n Drop CD] C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe /StartUp

O4 - HKLM\..\Run: [iPInSightLAN 01] "C:\Program Files\Verizon Online\VisualIPInsight\IPClient.exe" -l

O4 - HKLM\..\Run: [iPInSightMonitor 01] "C:\Program Files\Verizon Online\VisualIPInsight\IPMon32.exe"

O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM95\\DeadAIM.ocm",ExportedCheckODLs

O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta

O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"

O4 - HKLM\..\Run: [hQCDS.exe] C:\documents and settings\owner\local settings\temp\hQCDS.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [3H7GF6L2FGJW8R] C:\WINDOWS\System32\Wjdi.exe

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [Extreme Messenger for AIM] C:\Program Files\Extreme Messenger\ExtremeMessenger.exe nosplash

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [uecqtnu] C:\WINDOWS\System32\hymnukn.exe

O4 - Startup: PowerReg Scheduler.exe

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Verizon Online.lnk = C:\Program Files\Verizon Online\VOLSW\Verizon Online.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O9 - Extra button: Control Pad (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O12 - Plugin for .ipp: C:\Program Files\Internet Explorer\Plugins\npimth32.dll

O12 - Plugin for .ipt: C:\Program Files\Internet Explorer\Plugins\npimth32.dll

O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll

O12 - Plugin for .pic: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll

O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll

O12 - Plugin for .tiff: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.worldnet.att.net

O16 - DPF: ChatSpace Full Java Client 2.1.0.95 - http://chat.justachat.com:8000/Java/cs4fs095.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.35mb.com/applet.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...322/mcfscan.cab

Edited by mydeadfriend

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0