Mystery Toolbar!

poppy1910 · August 21, 2003

yes its me again, the forum fruit! and once again im stuck! ive got a toolbar that keeps appearing from nowhere, and it takes off my normal toolbars. its got the usual guff on it like search/entertainment/news/gambling etc etc, but i have no idea where its came from. it just appeared a few weeks ago, and i cant find it anywhere on my pc to delete the little blighter. when i click view/toolbars it comes up as 'ckprchthxso' but i cant right click on it to get properties or whatever, it does nothing! any clues from you far more superior beings than me?? im on windows me, and internet explorer 6.

also, this is not related i dont think but you never know, my adware thingy has disappearred! but my shortcut is still there, useless i may add lol. i know i didnt delete this as i very rarely delete anything!! sorry to be a plonker but this is getting on my wick!! thankyou in advance. :unsure:

August 21, 2003

Poppy....... I have done a google for 'ckprchthxso' and have come up with nothing. Do you have anymore info?

Have you tried doing a search for Ad aware in 'find'

Boris · August 21, 2003

The end bit - (hxso) is I think a Czech word ?

poppy

Post an image of it ?

bvw · August 21, 2003

StartUp Monitor is a handy little program which, once installed, alerts you to any programs trying to place shortcuts into your startup section of your Registry. This is handy for stopping malicious programs such as Trojans, and other software which installs a lot of programs at startup.

http://www.by-users.co.uk/faqs/security/st...art-up-monitor/

Worth installing.

Also Spywareblaster poppy, if you need the link it's here : http://www.javacoolsoftware.com/spywareblaster.html

They do help and are worth installing :)

Redhat · August 22, 2003

http://www.tomcoyote.org/hjt/

Please download Hyjack This from the above link and post your log if you could :)

poppy1910 · August 22, 2003

i downloaded hijackthis and this is my log. i can see this mystery toolbar on it, should i click it to 'fix' it??

O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe

O4 - HKLM\..\RunServices: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe

O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service

O4 - HKLM\..\RunServices: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"

O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background

O4 - Startup: PalNetaware.lnk = C:\Paltalk\pnetaware.exe

O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe

O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O10 - Hijacked Internet access by New.Net

O14 - IERESET.INF: START_PAGE_URL=http://www.blueyonder.co.uk/dial

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab

O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clie...ts/y/potc_x.cab

O16 - DPF: Tornado 21 - http://download.games.yahoo.com/games/clie...s/y/t21t0_x.cab

O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clie...nts/y/at0_x.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200207...meInstaller.exe

O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clie...s/y/mjst3_x.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7599.4733680556

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab

O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.communities.msn.com/controls/Pho...UC/MsnPUpld.cab

O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clie...ts/y/dot2_x.cab

O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clie...ts/y/pyt1_x.cab

O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/games/clie...ts/y/dct2_x.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw8fd.law8.hotmail.msn.com/activex/HMAtchmt.ocx

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...ireShowdown.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://imgfarm.com/images/nocache/funwebpr...etup1.0.0.5.cab

poppy1910 · August 22, 2003

oops missed the first part lol

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://z18572.find-quick.com/searchbar.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://z18572.find-quick.com/searchbar.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by blueyonder

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=webcache.blueyonder.co.uk:8080

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = iexplore

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_1_5_0.DLL

O2 - BHO: (no name) - {eaf84a53-6007-4525-b324-1a4968e217fb} - C:\WINDOWS\APPLICATION DATA\CFGLTHZOOTR.DLL

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_1_5_0.DLL

O3 - Toolbar: ckprchthxso - {2e4d67fb-11d1-4d01-907f-5360172c635f} - C:\WINDOWS\APPLICATION DATA\CFGLTHZOOTR.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL

O4 - HKLM\..\Run: [scanRegistry] C:\

poppy1910 · August 22, 2003

bvw in bristol, i d/loaded both or those links. thankyou. i had more adware than you could shake a stick at lol

madboy33 · August 22, 2003

poppy1910

do us a favour and give us a screen print of this toolbar

to do that, click on print screen on the key board, open up paint, select edit and then paste.

now save it as a jpeg and then upload it to here

thanks

mark2 · August 22, 2003

one or two nasties there,

download and run Spybot S & D after updating it , preferably in safe mode. this will clear a lot of the spyware.

Let Hijack this fix

O10 - Hijacked Internet access by New.Net

O2 - BHO: (no name) - {eaf84a53-6007-4525-b324-1a4968e217fb} - C:\WINDOWS\APPLICATION DATA\CFGLTHZOOTR.DLL

you do have a fair few added extras in downloaded program files too.

mark2 · August 22, 2003

Also get BHO Demon from http://www.definitivesolutions.com/bhodemon.htm

and regprot from http://www.diamondcs.com.au/index.php?page=regprot to prevent your registry being changed by spyware and trojans.

and Browser Hijack Blaster from http://www.wilderssecurity.com/bhblaster.html to prevent further hijacks

That little lot should keep you from getting into mischief for a while :D

poppy1910 · August 22, 2003

it is gone!!! yes after all that, its gone just as mysteriously as it arrived. thanks for all your help guys. im now gonna download all mark2's links, to stop it happening again! well i hope anyway. sorry madboy it took me so long to get to you and now its already gone!!

madboy33 · August 22, 2003

here is what the tool bar looked like anyway

Redhat · August 22, 2003

oops missed the first part lol
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://z18572.find-quick.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://z18572.find-quick.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by blueyonder
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=webcache.blueyonder.co.uk:8080
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = iexplore
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_1_5_0.DLL
O2 - BHO: (no name) - {eaf84a53-6007-4525-b324-1a4968e217fb} - C:\WINDOWS\APPLICATION DATA\CFGLTHZOOTR.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_1_5_0.DLL
O3 - Toolbar: ckprchthxso - {2e4d67fb-11d1-4d01-907f-5360172c635f} - C:\WINDOWS\APPLICATION DATA\CFGLTHZOOTR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
O4 - HKLM\..\Run: [scanRegistry] C:\

Delete the ones i've bolded, and also go into Add/Remove programs and uninstall NEW.NET.

mark2 · August 22, 2003

BTW poppy1910, :blink: you do seem to have a lot running in the background too, does your comp sometimes seem sluggish ?, :P

Not being nosey but do you need them all running ?

poppy1910 · August 22, 2003

BTW poppy1910, :blink: you do seem to have a lot running in the background too, does your comp sometimes seem sluggish ?, :P
Not being nosey but do you need them all running ?

yes my computer is sluggish, i thought that was just me though lol. im not sure what i have running in the background?? i have 3 instant messengers on is that what your on about??? sorry to be obtuse........but i am lol!

madboy33 · August 22, 2003

looks like your comp needs a bit of TLC there poppy

mark2 · August 22, 2003

Poppy, see if each program has an option " start with windows" if so untick it and start it when you want it to, thru start > programs.

For those that don't have that option go to start > run > type in "msconfig" and select startup tab you can prevent a lot of programs starting when windows starts see This page for screenshots

poppy1910 · August 22, 2003

looks like your comp needs a bit of TLC there poppy

so do i madboy! so do i!!!!

bvw · August 22, 2003

Cuddle for poppy :rolleyes:

poppy1910 · August 22, 2003

oooohhhhhhhhh shucks! thankyou.

Sign In

Mystery Toolbar!

Recommended Posts

Link to comment

Share on other sites

Guest Nellie2

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Join the conversation

Important Information