problem w/ midADdle, pgate, and others

Discussion in 'Security and Privacy' started by puritycontrol, 2004/09/10.

Thread Status:
Not open for further replies.
  1. 2004/09/10
    puritycontrol

    puritycontrol Inactive Thread Starter

    Joined:
    2004/09/10
    Messages:
    2
    Likes Received:
    0
    Hi.
    I have very limited computer knowledge, and therefore do not know if this is even the correct forum for these questions. However, I am in need of assistance in getting rid of midADdle, PGate, and I fear I'm infected with more than I can see on the add/remove programs list. Can you help me find out what's on my system and how to get rid of it? I do have spybot and adaware, and hijackthis... let me know if you'd like to see my HJT log.
    thanks much, Neil Hodge
     
  2. 2004/09/12
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    puritycontrol - Welcome to the Board :)

    Sorry to see your thread has been passed by :( .....

    I did a search on Google for midADdle - the first hit details methods of removing this ....

    http://www.angelfire.com/un/midaddle/index.html

    The latest version of AdAware apparently will remove PGate according to this thread .....

    http://forums.spywareinfo.com/index.php?showtopic=1455

    Download AdAware SE build 1.04 from Majorgeeks - at the bottom of this page ....

    http://www.lavasoft.de/support/download/

    It should be fully updated, but 'Check for Updates' anyway before running it.

    When you have done that download the latest version of HijackThis (1.98.2) through Quicklinks in my signature, save it to a folder on your drive - not the desktop, run it and post the log here.

    BTW - this is the 'correct' forum :D
     

  4. 2004/09/12
    puritycontrol

    puritycontrol Inactive Thread Starter

    Joined:
    2004/09/10
    Messages:
    2
    Likes Received:
    0
    thanks for the reply

    Hey thanks for responding. Yea, I guess a more detailed rundown of what's going on is jpegs won't save as jpegs off of web pages, they appear as bitmaps when I go to save them. When I go to the properties of an image it lists the url as ads.234.com and a bunch of gibberish... so I know midADdle is behind that malfunction (I think). Also, IE has loaded a skin to the toolbars and given me extra search bars that I try and get rid of but continually come back. Also, I sometimes cannot access the ADD/REMOVE programs off of the control panel. None of this was happening until last week when I got midADdle and PGate, and who knows what else. I have the latest adaware and PGate is still there as far as I can tell. Here's my HJT scan. Thanks for the help.
    Logfile of HijackThis v1.98.2
    Scan saved at 3:28:44 PM, on 9/12/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\ACS.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\WINDOWS\System32\DVDRAMSV.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    c:\Toshiba\IVP\swupdate\swupdtmr.exe
    C:\Program Files\Common Files\WinTools\WToolsS.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\WinTools\WToolsA.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\PROGRA~1\Web Offer\wo.exe
    C:\Program Files\Common Files\WinTools\WSup.exe
    C:\AIM\aim.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Winamp\winamp.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Microsoft Works\WksWP.exe
    C:\Program Files\Microsoft Works\MSWorks.exe
    C:\Program Files\Microsoft Works\wkgdcach.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\hijackthis1\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshibadirect.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
    O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
    O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Hodge\Local Settings\Temp\DXCf.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [3] C:\documents and settings\hodge\local settings\temp\3.exe
    O4 - HKLM\..\Run: [jte] C:\documents and settings\hodge\local settings\temp\jte.exe
    O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
    O4 - HKLM\..\Run: [k] C:\documents and settings\hodge\local settings\temp\k.exe
    O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
    O4 - HKLM\..\RunOnce: [AAW] "C:\Ad-Aware SE Personal\Ad-Aware.exe" "+b1 "
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
    O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com

    thanks again, Neil Hodge
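
A first-pass triage of a log like the one posted above, as an added example that is not part of the original thread or of HijackThis itself: it parses the `O2`/`O3`/`O9` browser add-on lines and `O4` autorun lines and lists the entries a reviewer would want to look at first. The two heuristics (a target inside a Temp folder, and a registration marked `(no file)`) and the function names are assumptions made for this sketch.

```python
import re

# Subset of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Hodge\Local Settings\Temp\DXCf.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [3] C:\documents and settings\hodge\local settings\temp\3.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
RUN_KEY = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[(.*?)\] (.*)$")
# Anchor on the CLSID so paths that contain " - " (Spybot's) stay intact.
ADDON = re.compile(r"(\{[0-9A-Fa-f-]{36}\}) - (.*)$")
# Assumed heuristic: Temp folders are not a normal install location.
TEMP_DIR = re.compile(r"\\(local settings\\temp|windows\\temp)\\", re.I)


def parse(log):
    """Split a log into (section code, body) pairs, skipping other lines."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]


def triage(log):
    """Return (code, reason, subject) tuples for entries to review first."""
    findings = []
    for code, body in parse(log):
        body = body.strip()
        if code == "O4":  # Run/RunOnce autostart values
            m = RUN_KEY.match(body)
            if m and TEMP_DIR.search(m.group(2)):
                findings.append((code, "autorun from temp dir", m.group(1)))
        elif code in ("O2", "O3", "O9"):  # BHOs, toolbars, extra buttons
            m = ADDON.search(body)
            if not m:
                continue
            clsid, target = m.groups()
            if target == "(no file)":
                findings.append((code, "registered but file missing", clsid))
            elif TEMP_DIR.search(target):
                findings.append((code, "add-on loaded from temp dir", clsid))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep=" | ")
```

A flagged line is a prompt for review rather than a verdict: a `(no file)` entry is often just a leftover registration, and the script says nothing about entries that sit in ordinary install paths.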
     
  5. 2004/09/12
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Neil

    Even to my inexperienced (with HJT logs) eye you have a few nasties on board - Do nothing until one of our experts has run an eye over it.
     