poppy1910 Posted August 21, 2003 Report Share Posted August 21, 2003 yes its me again, the forum fruit! and once again im stuck! ive got a toolbar that keeps appearing from nowhere, and it takes off my normal toolbars. its got the usual guff on it like search/entertainment/news/gambling etc etc, but i have no idea where its came from. it just appeared a few weeks ago, and i cant find it anywhere on my pc to delete the little blighter. when i click view/toolbars it comes up as 'ckprchthxso' but i cant right click on it to get properties or whatever, it does nothing! any clues from you far more superior beings than me?? im on windows me, and internet explorer 6. also, this is not related i dont think but you never know, my adware thingy has disappearred! but my shortcut is still there, useless i may add lol. i know i didnt delete this as i very rarely delete anything!! sorry to be a plonker but this is getting on my wick!! thankyou in advance. :unsure: Quote Link to comment Share on other sites More sharing options...
Guest Nellie2 Posted August 21, 2003 Report Share Posted August 21, 2003 Poppy....... I have done a google for 'ckprchthxso' and have come up with nothing. Do you have anymore info?Have you tried doing a search for Ad aware in 'find' Quote Link to comment Share on other sites More sharing options...
Boris Posted August 21, 2003 Report Share Posted August 21, 2003 The end bit - (hxso) is I think a Czech word ?poppyPost an image of it ? Quote Link to comment Share on other sites More sharing options...
bvw Posted August 21, 2003 Report Share Posted August 21, 2003 StartUp Monitor is a handy little program which, once installed, alerts you to any programs trying to place shortcuts into your startup section of your Registry. This is handy for stopping malicious programs such as Trojans, and other software which installs a lot of programs at startup.http://www.by-users.co.uk/faqs/security/st...art-up-monitor/Worth installing.Also Spywareblaster poppy, if you need the link it's here : http://www.javacoolsoftware.com/spywareblaster.htmlThey do help and are worth installing :) Quote Link to comment Share on other sites More sharing options...
Redhat Posted August 22, 2003 Report Share Posted August 22, 2003 http://www.tomcoyote.org/hjt/Please download Hyjack This from the above link and post your log if you could :) Quote Link to comment Share on other sites More sharing options...
poppy1910 Posted August 22, 2003 Author Report Share Posted August 22, 2003 i downloaded hijackthis and this is my log. i can see this mystery toolbar on it, should i click it to 'fix' it??O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exeO4 - HKLM\..\RunServices: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXEO4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exeO4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -serviceO4 - HKLM\..\RunServices: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStartO4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quietO4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /backgroundO4 - Startup: PalNetaware.lnk = C:\Paltalk\pnetaware.exeO4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exeO8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htmO8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htmO9 - Extra button: Messenger (HKLM)O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)O10 - Hijacked Internet access by New.NetO10 - Hijacked Internet access by New.NetO10 - Hijacked Internet access by New.NetO10 - Hijacked Internet access by New.NetO10 - Hijacked Internet access by New.NetO14 - IERESET.INF: START_PAGE_URL=http://www.blueyonder.co.uk/dialO16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dllO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cabO16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cabO16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clie...ts/y/potc_x.cabO16 - DPF: Tornado 21 - http://download.games.yahoo.com/games/clie...s/y/t21t0_x.cabO16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cabO16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clie...nts/y/at0_x.cabO16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200207...meInstaller.exeO16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clie...s/y/mjst3_x.cabO16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7599.4733680556O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cabO16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.communities.msn.com/controls/Pho...UC/MsnPUpld.cabO16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clie...ts/y/dot2_x.cabO16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clie...ts/y/pyt1_x.cabO16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/games/clie...ts/y/dct2_x.cabO16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cabO16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw8fd.law8.hotmail.msn.com/activex/HMAtchmt.ocxO16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cabO16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cabO16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...ireShowdown.cabO16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://imgfarm.com/images/nocache/funwebpr...etup1.0.0.5.cab Quote Link to comment Share on other sites More sharing options...
poppy1910 Posted August 22, 2003 Author Report Share Posted August 22, 2003 oops missed the first part lolR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.htmlR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.comR1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://z18572.find-quick.com/searchbar.htmlR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...://my.yahoo.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/...://my.yahoo.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.comR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://z18572.find-quick.com/searchbar.htmlR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by blueyonderR1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%sR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=webcache.blueyonder.co.uk:8080R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = iexploreO2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_1_5_0.DLLO2 - BHO: (no name) - {eaf84a53-6007-4525-b324-1a4968e217fb} - C:\WINDOWS\APPLICATION DATA\CFGLTHZOOTR.DLLO2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLLO3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_1_5_0.DLLO3 - Toolbar: ckprchthxso - {2e4d67fb-11d1-4d01-907f-5360172c635f} - C:\WINDOWS\APPLICATION DATA\CFGLTHZOOTR.DLLO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCXO3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLLO4 - HKLM\..\Run: [scanRegistry] C:\ Quote Link to comment Share on other sites More sharing options...
poppy1910 Posted August 22, 2003 Author Report Share Posted August 22, 2003 bvw in bristol, i d/loaded both or those links. thankyou. i had more adware than you could shake a stick at lol Quote Link to comment Share on other sites More sharing options...
madboy33 Posted August 22, 2003 Report Share Posted August 22, 2003 poppy1910do us a favour and give us a screen print of this toolbarto do that, click on print screen on the key board, open up paint, select edit and then paste.now save it as a jpeg and then upload it to herethanks Quote Link to comment Share on other sites More sharing options...
mark2 Posted August 22, 2003 Report Share Posted August 22, 2003 one or two nasties there, download and run Spybot S & D after updating it , preferably in safe mode. this will clear a lot of the spyware.Let Hijack this fixO10 - Hijacked Internet access by New.NetO2 - BHO: (no name) - {eaf84a53-6007-4525-b324-1a4968e217fb} - C:\WINDOWS\APPLICATION DATA\CFGLTHZOOTR.DLLyou do have a fair few added extras in downloaded program files too. Quote Link to comment Share on other sites More sharing options...
mark2 Posted August 22, 2003 Report Share Posted August 22, 2003 Also get BHO Demon from http://www.definitivesolutions.com/bhodemon.htmand regprot from http://www.diamondcs.com.au/index.php?page=regprot to prevent your registry being changed by spyware and trojans.and Browser Hijack Blaster from http://www.wilderssecurity.com/bhblaster.html to prevent further hijacksThat little lot should keep you from getting into mischief for a while :D Quote Link to comment Share on other sites More sharing options...
poppy1910 Posted August 22, 2003 Author Report Share Posted August 22, 2003 it is gone!!! yes after all that, its gone just as mysteriously as it arrived. thanks for all your help guys. im now gonna download all mark2's links, to stop it happening again! well i hope anyway. sorry madboy it took me so long to get to you and now its already gone!! Quote Link to comment Share on other sites More sharing options...
madboy33 Posted August 22, 2003 Report Share Posted August 22, 2003 here is what the tool bar looked like anyway Quote Link to comment Share on other sites More sharing options...
Redhat Posted August 22, 2003 Report Share Posted August 22, 2003 oops missed the first part lolR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.htmlR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.comR1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://z18572.find-quick.com/searchbar.htmlR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...://my.yahoo.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/...://my.yahoo.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.comR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://z18572.find-quick.com/searchbar.htmlR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by blueyonderR1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%sR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=webcache.blueyonder.co.uk:8080R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = iexploreO2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_1_5_0.DLLO2 - BHO: (no name) - {eaf84a53-6007-4525-b324-1a4968e217fb} - C:\WINDOWS\APPLICATION DATA\CFGLTHZOOTR.DLLO2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLLO3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_1_5_0.DLLO3 - Toolbar: ckprchthxso - {2e4d67fb-11d1-4d01-907f-5360172c635f} - C:\WINDOWS\APPLICATION DATA\CFGLTHZOOTR.DLLO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCXO3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLLO4 - HKLM\..\Run: [scanRegistry] C:\Delete the ones i've bolded, and also go into Add/Remove programs and uninstall NEW.NET. Quote Link to comment Share on other sites More sharing options...
mark2 Posted August 22, 2003 Report Share Posted August 22, 2003 BTW poppy1910, :blink: you do seem to have a lot running in the background too, does your comp sometimes seem sluggish ?, :P Not being nosey but do you need them all running ? Quote Link to comment Share on other sites More sharing options...
poppy1910 Posted August 22, 2003 Author Report Share Posted August 22, 2003 BTW poppy1910, :blink:Â you do seem to have a lot running in the background too, does your comp sometimes seem sluggish ?, :P Not being nosey but do you need them all running ?yes my computer is sluggish, i thought that was just me though lol. im not sure what i have running in the background?? i have 3 instant messengers on is that what your on about??? sorry to be obtuse........but i am lol! Quote Link to comment Share on other sites More sharing options...
madboy33 Posted August 22, 2003 Report Share Posted August 22, 2003 looks like your comp needs a bit of TLC there poppy Quote Link to comment Share on other sites More sharing options...
mark2 Posted August 22, 2003 Report Share Posted August 22, 2003 Poppy, see if each program has an option " start with windows" if so untick it and start it when you want it to, thru start > programs.For those that don't have that option go to start > run > type in "msconfig" and select startup tab you can prevent a lot of programs starting when windows starts see This page for screenshots Quote Link to comment Share on other sites More sharing options...
poppy1910 Posted August 22, 2003 Author Report Share Posted August 22, 2003 looks like your comp needs a bit of TLC there poppyso do i madboy! so do i!!!! Quote Link to comment Share on other sites More sharing options...
bvw Posted August 22, 2003 Report Share Posted August 22, 2003 Cuddle for poppy :rolleyes: Quote Link to comment Share on other sites More sharing options...
poppy1910 Posted August 22, 2003 Author Report Share Posted August 22, 2003 oooohhhhhhhhh shucks! thankyou. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.