I can't get rid of midaddle

Status
Not open for further replies.

Rickie

Beta member
Messages
4
Hi,
I need some help in removing midaddle, so far no aware program has worked, so now i'm using hijackthis. Below is my log can some one help me remove this aware once and for all, it's getting to me.

Logfile of HijackThis v1.99.1
Scan saved at 9:13:38 PM, on 06/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\DOCUME~1\FAMILY\LOCALS~1\Temp\21QbDJhf.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\regedit.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Documents and Settings\FAMILY\Local Settings\Temporary Internet Files\Content.IE5\KHMB0DAB\hijackthis[1]\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CLSID Support Dll - {32978850-02C0-4F0F-A5E6-C22FB04423FC} - C:\WINDOWS\system32\clsidcore.dll
O2 - BHO: (no name) - {41D8AE9D-6527-39D5-5537-3936539CFC92} - C:\WINDOWS\system32\uiha.dll (file missing)
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod-1.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Desksite CMA] C:\Program Files\desksite\bin\cma.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [websx] C:\Program Files\websx\int114844.exe -auto
O4 - HKLM\..\Run: [MSNAgentCQ] "C:\Program Files\MSN Agent CQ\AgentCQ.exe"
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [21QbDJhf] C:\DOCUME~1\FAMILY\LOCALS~1\Temp\21QbDJhf.exe
O4 - HKLM\..\Run: [cVCWlFvSQ] C:\documents and settings\family\local settings\temp\cVCWlFvSQ.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKLM\..\RunOnce: [GIANTAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [Ultimate Popup Killer] C:\Program Files\Ultimate Popup Killer\Popupkiller.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Vqlyzqkx] C:\WINDOWS\system32\?poolsv.exe
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\FAMILY\Application Data\eetu.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\RunOnce: [Shockwave 10] "C:\WINDOWS\system32\Macromed\Shockwave 10\swinit.exe"
O4 - Global Startup: APC UPS Status.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: BINGOOO - {8732B7D1-8389-4278-AE3B-1C9C0ADEE0B2} - C:\Program Files\BINGOOO\BINGOOO.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot8_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {037B3D58-D14A-4C41-BDFD-BD779B0B97BA} (vxiewer control) - http://www.thepaymentcentre.com/build/vxiewer.cab
O16 - DPF: {0733B8F9-8B52-4693-A9FA-829E12D27F78} (preload control) - http://www.thepaymentcentre.com/build/preload2.cab
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/IA/dtc32_EN_XP.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
O16 - DPF: {70522FA0-4656-11D5-B0E9-0050DAC24E8F} - http://download.iwon.com/ct/pm3/iwonpm_8_1,0,2,5.cab
O16 - DPF: {94837F90-A2CA-4A8A-9DA0-B5438EC563EA} (WildTangent Active Launcher) - http://dna.wildtangent.com/CDAFiles/ActiveLauncher/ActiveLauncherSetup.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712...com/downloads/player/Install2.5/Installer.exe
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/web_games/gamehouse/frenzy/SproutLauncher.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/211/webolr/OCX/FlashAX.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {FF521631-31DA-48AC-B4E9-390A7694C906} (EGEGAUTH Class) - http://akamai.downloadv3.com/binaries/P2EClient/1030/EGAUTH_1030_1_221_EN_XP.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{89FD406A-72FA-4D04-A8BA-C7E113619B0A}: NameServer = 206.48.59.10 205.160.233.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{B75FFBA7-68E2-4BD1-98CB-7625A5DFAEDD}: NameServer = 206.48.59.10
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
 

Blitze105

Daemon Poster
Messages
1,100
Hello :)
You have a few problems with that log, however i will not help you with it. I will tell you how to get rid of midaddle though. This is a 2 part post read both and do as both say. I suggest eating lunch first or reading the end of the 2nd post and trying those programs..

Start by ending these tasks in the task manager:
!update.exe
4bu6uset8.exe
adsldpc5.exe
ati3duag.exe
ativvaxx.exe
boipusif.exe
brc_cio.exe
c:\thin-85-1-x-x.exe
catsrv94.exe
cddu.exe
cdosys81.exe
certmgr5.exe
cqvb.exe
d.exe
edi.exe
emqvdm.exe
hvzy.exe
l3u.exe
midadl-d.exe
mo5yk.exe
nr.exe
piagd.exe
profilepath+\local settings\temp\esyndicateinst.exe
profilepath+\local settings\temp\gg1yk81.exe
profilepath+\local settings\temp\middadleinst10017.exe
profilepath+\local settings\temp\motoin.exe
profilepath+\local settings\temp\uppicsvr.exe
programfilesdir+\common files\midaddle\uninst.exe
programfilesdir+\common files\uninstall information\removedisplayutility.exe
programfilesdir+\esyndicate\uninst.exe
r.exe
srvas.exe
srvc32.exe
systemroot+\systb.exe
systemroot+\system32\activeds.exe
systemroot+\system32\advapi32.exe
systemroot+\system32\appmgr48.exe
systemroot+\system32\atkctrs7.exe
systemroot+\system32\atrace38.exe
systemroot+\system32\cabview7.exe
systemroot+\system32\cabview8.exe
systemroot+\system32\catsrvut.exe
systemroot+\system32\cbjovg8a.exe
systemroot+\system32\certmgr7.exe
systemroot+\system32\clb83310.exe
systemroot+\system32\clbcatq1.exe
systemroot+\system32\cmutil32.exe
systemroot+\system32\cnbjmon6.exe
systemroot+\system32\cnetcfg1.exe
systemroot+\system32\comaddin.exe
systemroot+\system32\cvrry0ko.exe
systemroot+\system32\dqcgh.exe
systemroot+\system32\dqk5z.exe
systemroot+\system32\fhhzqpw3.exe
systemroot+\system32\fym442mi.exe
systemroot+\system32\hdzv.exe
systemroot+\system32\hyperlinker2.exe
systemroot+\system32\jdqadis.exe
systemroot+\system32\kjyfi.exe
systemroot+\system32\lufga0.exe
systemroot+\system32\oduytkt.exe
systemroot+\system32\preuninstall.exe
systemroot+\system32\rbdk.exe
systemroot+\temp\midaddle.exe
systemroot+\wupdsnff.exe
t5az.exe
uhk.exe
uninstaller.exe
wqm1j1u.exe
zukepvus.exe

Delete these files from "program files:"
MidAddle
wildarcade\blasterblocks
wildarcade
esyndicate


Delete these .exe's from your Temp Folder(s):
uninst.exe
%tempdir%\update_8.exe
ghruth.exe
ZuIzTc3Mu.exe
D.exe
midaddle.exe
gg1yk81.exe
vona.exe
tFM.exe
rWb.exe
!update.exe
__unin__.exe
9uv.exe
adsldp79.exe
adsldpc5.exe
advapi32.exe
cdosys81.exe
certmgr5.exe
daemon_mgm.exe
npf_mgm.exe
gg1yk81.exe


Delete these .dll's from your temp folder as well:
h.dll
hree.exe.rename
j00bc0chx.dll
7si.dll
9frxinfrt.dll
b.dll
clicks.dll
cmdkvu.dll
clicks.dll
gwfamcvar.dll
hi.dll
nr4ubm.dll
phtqy.dll
wa7nfowpo.dll
 

Blitze105

Daemon Poster
Messages
1,100
Run a Search for these, then delete them:
u0mzwz.dll
midaddle.dll
uninst.exe


Remove these from your registry, if found that is: (create a back up of the registry)

HKEY_CLASSES_ROOT\esyn.band
HKEY_CLASSES_ROOT\interface\{941e3071-658d-4f7a-8848-a39e9a43aa97}
HKEY_CLASSES_ROOT\interface\{941e3071-658d-4f7a-8848-a39e9a43aa97}\iband
HKEY_CLASSES_ROOT\interface\{941e3071-658d-4f7a-8848-a39e9a43aa97}\proxystubclsid\{00020424-0000-0000-c000-000000000046}
HKEY_CLASSES_ROOT\interface\{941e3071-658d-4f7a-8848-a39e9a43aa97}\proxystubclsid32\{00020424-0000-0000-c000-000000000046}
HKEY_CLASSES_ROOT\interface\{941e3071-658d-4f7a-8848-a39e9a43aa97}\typelib\{b526170e-491f-4e29-8bfb-c6157d02fefd}
HKEY_CLASSES_ROOT\interface\{e318d698-27b3-44d5-8998-c35eafb9c034}
HKEY_CLASSES_ROOT\typelib\{b526170e-491f-4e29-8bfb-c6157d02fefd}
HKEY_CLASSES_ROOT\typelib\{b526170e-491f-4e29-8bfb-c6157d02fefd}\1.0\0\win32\c:\program files\esyndicate\esyn.dll
HKEY_CLASSES_ROOT\typelib\{b526170e-491f-4e29-8bfb-c6157d02fefd}\1.0\esyn 1.0 type library
HKEY_CLASSES_ROOT\typelib\{b526170e-491f-4e29-8bfb-c6157d02fefd}\1.0\flags\0
HKEY_CLASSES_ROOT\typelib\{b526170e-491f-4e29-8bfb-c6157d02fefd}\1.0\helpdir\c:\program files\esyndicate\
HKEY_CLASSES_ROOT\typelib\{ecb25a48-e6e0-49af-99af-07c763e31389}
HKEY_CURRENT_USER\software\esyn
HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\webbrowser\{c5183abc-eb6e-4e05-b8c9-500a16b6cf94}
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar\{c5183abc-eb6e-4e05-b8c9-500a16b6cf94}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{e8eaeb34-f7b5-4c55-87ff-720faf53d841}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{e8eaeb34-f7b5-4c55-87ff-720faf53d841}\search help
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\gg1yk81.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\search-exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\midaddle
HKEY_LOCAL_MACHINE\software\midaddle
'HKEY_LOCAL_MACHINE\SOFTWARE \ Classes \ CLSID \ {E8EAEB34-F7B5-4C55-87FF-720FAF53D841}
'HKEY_LOCAL_MACHINE\SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer\Browser Helper Objects \ {E8EAEB34-F7B5-4C55-87FF-720FAF53D841}



Remove these registry Values:
nqpq.exe
vona.exe
tFM.exe
rWb.exe
{e8eaeb34-f7b5-4c55-87ff-720faf53d841}
gg1yk81.exe
midaddle
1m4.exe
4QMLY8S47J5FGZ
q7tT3tS
ZuIzTc3Mu.exe
D.exe


Few things i left out: (delete if found)
7a1o6.dll
9jcvo.dll
bx.dll
ck.dll
cqvb.dll
delfin.dll
edi.dll
exact2.dll
h.dll
j00bc0chx.dll
midad.dll
n.dll
profilepath+\local settings\temp\7si.dll
profilepath+\local settings\temp\9frxinfrt.dll
profilepath+\local settings\temp\b.dll
profilepath+\local settings\temp\clicks.dll
profilepath+\local settings\temp\cmdkvu.dll
profilepath+\local settings\temp\dit99.dll
profilepath+\local settings\temp\eqgq2sha.dll
profilepath+\local settings\temp\gg1yk81.dll
profilepath+\local settings\temp\gwfamcvar.dll
profilepath+\local settings\temp\hi.dll
profilepath+\local settings\temp\nr4ubm.dll
profilepath+\local settings\temp\phtqy.dll
profilepath+\local settings\temp\wa7nfowpo.dll
programfilesdir+\common files\midaddle\midaddle.dll
srvc32.dll
systemroot+\system32\cbjovg8a.dll
systemroot+\system32\datastore.dll
systemroot+\system32\fhhzqpw3.dll
systemroot+\system32\hdzv.dll
systemroot+\system32\kjyfi.dll
systemroot+\system32\lmf32v.dll
systemroot+\temp\clicks.dll
t8fret.dll
txfdb32.dll
u.dll
u0mzwz.dll
xqeak.dll


Have fun... or try spybot and ad aware :) I AM NOT RESPONSIBLE FOR YOUR PROBLEMS
-blitze
 

Rickie

Beta member
Messages
4
Thanks, but nothing you asked me to look for was on my computer.
And if you saw errors on my log why not help me, I post my info for someone to help not to tell me they are not going to, so next time by pass if your not going to help me.
 

Lobos

Daemon Poster
Messages
617
Be sure to look this solution over before you begin. There are a some item(s) i'm not familar with. If you recognze any, then just omit them from this fix.


===============

Go to Add/Remove programs and remove(uninstall) the following, if present:

WildTangent
SpyHunter read here if you want to keep spyhunter there are better products out there I suggest uninstalling it


The above could appear anywhere within the entry. Be careful not to remove any personal or system software.

===============

Run HiJackThis then:

1. Click "Config..."
2. Click "Misc Tools"
3. Click "Open Process manager"

-

Next, while holding down the CTRL key, locate (if present) and click on (highlight) each of the following:

C:\DOCUME~1\FAMILY\LOCALS~1\Temp\21QbDJhf.exe

Now double-check and make sure that only those item(s) above are highlighted, then click "Kill process". Now, click "Refresh", check again, and repeat this step if any remain.

===============

Now, let's open a command prompt and unregister the dll(s) we're going to remove, by entering the following:

regsvr32 /u clsidcore.dll

It's ok, if these aren't found or 'error' out. If you want, just copy and paste the individual lines to the command prompt to save on the typing.

===============
Important
Before we begin, let's move HiJackThis to it's own folder; like c:\HJT. When we're done 'cleaning' off your system, we're going to 'flush' the temporary folders which, with HiJackThis in it's current location, we'll lose both the program and the backups it creates. These backups are important in case we need to restore any 'fixed' entry(s) later.

Also move the "Backups" folder, for HiJackThis, if present.

===============

Run HiJackThis and click "Scan", then check(tick) the following, if present:


R3 - Default URLSearchHook is missing

O2 - BHO: CLSID Support Dll - {32978850-02C0-4F0F-A5E6-C22FB04423FC} - C:\WINDOWS\system32\clsidcore.dll
O2 - BHO: (no name) - {41D8AE9D-6527-39D5-5537-3936539CFC92} - C:\WINDOWS\system32\uiha.dll (file missing)
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod-1.dll (file missing)

O4 - HKLM\..\Run: [websx] C:\Program Files\websx\int114844.exe -auto
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [21QbDJhf] C:\DOCUME~1\FAMILY\LOCALS~1\Temp\21QbDJhf.exe
O4 - HKLM\..\Run: [cVCWlFvSQ] C:\documents and settings\family\local settings\temp\cVCWlFvSQ.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [Vqlyzqkx] C:\WINDOWS\system32\?poolsv.exe
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\FAMILY\Application Data\eetu.exe
O4 - Global Startup: APC UPS Status.lnk = ?

O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binari...dtc32_EN_XP.cab
O16 - DPF: {70522FA0-4656-11D5-B0E9-0050DAC24E8F} - http://download.iwon.com/ct/pm3/iwonpm_8_1,0,2,5.cab
O16 - DPF: {94837F90-A2CA-4A8A-9DA0-B5438EC563EA} (WildTangent Active Launcher) - http://dna.wildtangent.com/CDAFiles...uncherSetup.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712...5/Installer.exe
O16 - DPF: {FF521631-31DA-48AC-B4E9-390A7694C906} (EGEGAUTH Class) - http://akamai.downloadv3.com/binari...1_221_EN_XP.cab


Now, with all windows closed except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure your able to view system and hidden files/ folders:

folders...

C:\Program Files\websx
C:\Program Files\WildTangent
C:\Program Files\Enigma Software Group

files...

C:\DOCUME~1\FAMILY\LOCALS~1\Temp\21QbDJhf.exe
C:\WINDOWS\system32\clsidcore.dll
C:\documents and settings\family\local settings\temp\cVCWlFvSQ.exe
C:\Documents and Settings\FAMILY\Application Data\eetu.exe

-

Note that some of these file(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them from "Safe Mode".

===============

Post back a new log, and let me know how everything goes.

-

Lobos.
 

Blitze105

Daemon Poster
Messages
1,100
Rickie said:
Thanks, but nothing you asked me to look for was on my computer.
And if you saw errors on my log why not help me, I post my info for someone to help not to tell me they are not going to, so next time by pass if your not going to help me.
Well first you're welcome, second are you sure you looked in the right spot? I am not a pro at helping with logs, i would have helped if you would have asked though. No need to be ignorant.
-blitze
 

Rickie

Beta member
Messages
4
Thanks

Blitze105, I thank you, but you could of stated your post better by saying why you would not help me, the way you stated it sounded like you knew something but didn't want to help.
 

Blitze105

Daemon Poster
Messages
1,100
Well see i do, but i am an unconfident person and would rather not harmd your computer :)
-blitze

PS
no hard feelings?
 

Rickie

Beta member
Messages
4
Thanks Lobos, I did what you said and ran both my spybot and microsoft anit spyware and no signs of midaddle so far, but I will let you know what happen in the next few days. Thanks once again.

Blitze105, there were never hard feeling, I understand where you are coming from, you should of said that for the start then I would of understand. Thanks to you also.
 
Status
Not open for further replies.
Top