http://origin.midaddle.com/inBetween.aspx


  • This topic is locked
5 replies to this topic

#1 eny151


Posted 24 July 2004 - 03:19 PM

I have http://origin.midadd.../inBetween.aspx
It loads along with whatever page I click or open,
for example http://origin.midadd...p=www.yahoo.com
Ad-aware and Spybot don't remove or say anything about this. Does anyone know about this? If so, let me know what I can do. Here is my log in case it will help out.

Logfile of HijackThis v1.98.0
Scan saved at 4:14:28 PM, on 7/24/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\srvany.exe
C:\winnt\system32\Shared\dllhost.exe
C:\WINNT\system32\srvany.exe
C:\WINNT\System32\svchost.exe
C:\winnt\system32\Shared\lsass.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\srvany.exe
C:\WINNT\system32\srvany.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\tlntsvr.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\documents and settings\administrator\local settings\temp\R.exe
C:\documents and settings\administrator\local settings\temp\sjQKBFc2.exe
C:\WINNT\system32\ctfmon.exe
C:\winnt\system32\dhcp\files\mdll.exe
C:\WINNT\system32\wuauclt.exe
C:\Documents and Settings\Administrator\My Documents\hijack\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapp...://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...://my.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\ycomp5_3_16_0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O2 - BHO: WinPage Affiliate - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Program Files\Common Files\midaddle\midaddle.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\ycomp5_3_16_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [tsx] regedlt.exe
O4 - HKLM\..\Run: [Advanced Serial Client for Win32] asclt.exe
O4 - HKLM\..\Run: [Peer Manager] peere32.exe
O4 - HKLM\..\Run: [Windows Subsys] "C:\WINNT\system32\winload.exe" rundll32.dll,loadsubsys,loadwin32,loadsys,win32
O4 - HKLM\..\Run: [Application] C:\winnt\system32\dhcp\files\hiddenrun.exe mdll.exe
O4 - HKLM\..\Run: [R] C:\documents and settings\administrator\local settings\temp\R.exe
O4 - HKLM\..\Run: [53FV3sP] athontr.exe
O4 - HKLM\..\Run: [sjQKBFc2] C:\documents and settings\administrator\local settings\temp\sjQKBFc2.exe
O4 - HKLM\..\RunServices: [tsx] regedlt.exe
O4 - HKLM\..\RunServices: [Advanced Serial Client for Win32] asclt.exe
O4 - HKLM\..\RunServices: [Peer Manager] peere32.exe
O4 - HKLM\..\RunServices: [Windows Subsys] "C:\WINNT\system32\winload.exe" rundll32.dll,loadsubsys,loadwin32,loadsys,win32
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [tsx] regedlt.exe
O4 - HKCU\..\Run: [Peer Manager] peere32.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [DealHelperDown] "C:\Documents and Settings\Administrator\Local Settings\Temp\ms3.tmp"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A052CA1D-D99E-4F92-A865-DEC016CDB00C}: NameServer = 66.114.74.40,66.114.74.195

#2 dave38


Posted 24 July 2004 - 05:09 PM

Have HijackThis fix all of the following by placing a check in the appropriate boxes and hitting "Fix checked". Make sure all browser and all Windows Explorer windows are closed before fixing.


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapp...://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...://my.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O2 - BHO: WinPage Affiliate - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Program Files\Common Files\midaddle\midaddle.dll

O4 - HKLM\..\Run: [tsx] regedlt.exe
O4 - HKLM\..\Run: [Advanced Serial Client for Win32] asclt.exe
O4 - HKLM\..\Run: [Peer Manager] peere32.exe
O4 - HKLM\..\Run: [Windows Subsys] "C:\WINNT\system32\winload.exe" rundll32.dll,loadsubsys,loadwin32,loadsys,win32
O4 - HKLM\..\Run: [Application] C:\winnt\system32\dhcp\files\hiddenrun.exe mdll.exe
O4 - HKLM\..\Run: [R] C:\documents and settings\administrator\local settings\temp\R.exe
O4 - HKLM\..\Run: [53FV3sP] athontr.exe
O4 - HKLM\..\Run: [sjQKBFc2] C:\documents and settings\administrator\local settings\temp\sjQKBFc2.exe
O4 - HKLM\..\RunServices: [tsx] regedlt.exe
O4 - HKLM\..\RunServices: [Advanced Serial Client for Win32] asclt.exe
O4 - HKLM\..\RunServices: [Peer Manager] peere32.exe
O4 - HKLM\..\RunServices: [Windows Subsys] "C:\WINNT\system32\winload.exe" rundll32.dll,loadsubsys,loadwin32,loadsys,win32
O4 - HKCU\..\Run: [tsx] regedlt.exe
O4 - HKCU\..\Run: [Peer Manager] peere32.exe
O4 - HKCU\..\Run: [DealHelperDown] "C:\Documents and Settings\Administrator\Local Settings\Temp\ms3.tmp"

Reboot and delete

files
regedlt.exe (note spelling! regedit.exe is a valid Windows file)
athontr.exe
asclt.exe
peere32.exe
C:\WINNT\system32\winload.exe

All files in the C:\documents and settings\administrator\local settings\temp folder

folders
C:\winnt\system32\dhcp\files

These may be hidden files. See HERE for how to show hidden files.

Please post a follow-up HijackThis log, and say if your problems persist.
Be wary of strong drink. It may make you shoot at tax collectors, and miss!
Please support SWI forum
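
Three patterns visible in the entries selected in the reply above (a BHO with no file, an autorun started from a Temp folder, and a file name one character away from a real Windows binary, as in the regedlt.exe note) can be checked mechanically. The Python below is an added example, not part of the thread or of HijackThis; the function names and the `KNOWN` allow-list are assumptions made for illustration.

```python
import re

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")        # "<section> - <body>"
AUTORUN = re.compile(r"^(\S+?): \[(.+?)\] (.*)$")     # "<key>: [<value name>] <command>"
# Assumption: a small allow-list of genuine Windows binaries to compare names against.
KNOWN = {"regedit.exe", "ctfmon.exe", "mobsync.exe", "userinit.exe", "explorer.exe"}

def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def exe_name(command):
    """Lower-cased file name of the first .exe in the command, or '' if none."""
    m = re.search(r'[^\\/"]+?\.exe', command, re.IGNORECASE)
    return m.group(0).lower() if m else ""

def triage(log_text):
    """Return (reason, line) pairs for O2/O4 entries matching the three heuristics."""
    findings = []
    for line in map(str.strip, log_text.splitlines()):
        entry = ENTRY.match(line)
        section, body = entry.groups() if entry else ("", "")
        if section == "O2" and body.endswith("(no file)"):
            findings.append(("BHO registered, file missing", line))
        autorun = AUTORUN.match(body) if section == "O4" else None
        if not autorun:
            continue
        command = autorun.group(3)
        name = exe_name(command)
        if "\\temp\\" in command.lower():
            findings.append(("autorun from a Temp folder", line))
        if name not in KNOWN:
            findings += [(f"name one edit away from {real}", line)
                         for real in sorted(KNOWN) if edit_distance(name, real) == 1]
    return findings

# Sample lines copied from the log in post #1.
SAMPLE = r"""O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O4 - HKLM\..\Run: [tsx] regedlt.exe
O4 - HKLM\..\Run: [R] C:\documents and settings\administrator\local settings\temp\R.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe"""

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

A match is a prompt for review, not a verdict: the allow-list is deliberately tiny, and legitimate installers also run from Temp.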

#3 eny151


Posted 24 July 2004 - 06:31 PM

OK, I fixed what you said in HijackThis. Before I delete anything I want to make sure where I will be deleting these files from. Is it from the registry key (regedit), or is it from my computer?

#4 dave38


Posted 25 July 2004 - 03:50 AM

HijackThis will remove the registry entries as part of the fix. Just delete the listed files/folders from the drive.

#5 eny151


Posted 26 July 2004 - 03:53 PM

Thanks, everything is well, although I could not find regedlt.exe, athontr.exe, asclt.exe, peere32.exe or C:\WINNT\system32\winload.exe.

But everything is OK, thanks!!

#6 dave38


Posted 26 July 2004 - 07:32 PM

If you can't find them then they're gone!

Glad we could help!

If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.