Annoyances.org
Home » Windows XP Discussion Forum » Message 1101690425 » Entire Thread Search | Help | Home
  
Links Embedded into Internet Explorer
Showing all messages in thread #1101690425
Windows XP Annoyances Discussion Forum

The following are all of the messages in this thread (9 in all), shown in chronological order. Click any message subject to view that message by itself or to view the thread hierarchy.
Links Embedded into Internet Explorer
Sunday, November 28, 2004 at 5:07 pm
Posted by Seth (50 messages posted)

When I open internet explorer, the page loads after which two links (advertisements) appear at the top of the web page. It doesn't matter which web sites I visit, there is always two links that appear at the top of the page. I have run Spybot & AdAware (both latest versions) as well as my virus scanner and have not been able to remove the links. I have checked this whilst running FireFox and found the links do not appear. Could I please have your thoughts or suggestions on how to remove this problem. TIA.

[Reply or follow-up to this message]

Tip: Run a free scan for common Windows errors ad

re: Links Embedded into Internet Explorer
Sunday, November 28, 2004 at 5:21 pm
Posted by Yap (4094 messages posted)

Common Removal Procedure of Virus/Trojan/Spyware/Mallware/Adware

۞ Turn off system restore, empty Temp, Temporary Internet Files, and Recycle Bin...
۞ Open folder options -> view tab
        ◊ Check Show hidden files and folders
        ◊ Uncheck Hide extensions for known file types
        ◊ Uncheck Hide protected operating system files (Recommended)
        ◊ Uncheck Use simple file sharing (Recommended)
۞ Run online virus scan at Trendmicro or Panda site
۞ Run PestPatrol online Spyware scan
۞ Update your anti virus definition and scan the system...
        ◊ Download, install and update AVG or AntiVir in case you don't have anti virus protection
۞ Download last version of Stinger stand alone virus scanner
۞ Download, install, update and run the fixer of CWShredder and CoolWWWSearch.SmartKiller removal in safe mode
۞ Download install and update Spybot, Ad-aware, and VX2cleaner plug-in for ad-aware
۞ Run full system scan in safe mode with Stinger, Spybot and Ad-aware (run the VX2cleaner scan first)
۞ Download install and update Spywareblaster, one of firewall Zonealarm / Kerio and DCOMbobulator for extra protection
۞ If the problem persist download HijackThis and send the report log back to this forum
۞ Turn on system restore

Note:
All above software are free for personal use
When email address needed for registration some site not explicitly but deny hotmail account probably occur to all free base email addresses

[Reply or follow-up to this message]

re: Links Embedded into Internet Explorer
Sunday, November 28, 2004 at 6:10 pm
Posted by Seth (50 messages posted)

Thanks. I will try your suggestions.


On Sunday, November 28, 2004 at 5:21 pm, Yap wrote:
>
>

Common Removal Procedure of Virus/Trojan/Spyware/Mallware/Adware


>

۞
>Turn
>off system restore, empty Temp, Temporary Internet Files, and Recycle Bin...
>
>۞ Open folder options -> view tab
>        ◊ Check
>
>Show hidden files and folders
>        ◊ Uncheck
>
>
>Hide extensions for known file types
>        ◊ Uncheck
>
>Hide protected operating system files (Recommended)
>        ◊ Uncheck
>
>Use simple file sharing (Recommended)
>۞ Run online virus scan at Trendmicro
>or
> Panda site
>
>۞ Run PestPatrol online
>Spyware scan
>۞ Update your anti virus definition and scan the system...
>        ◊ Download, install and update
>AVG or
>AntiVir in case you don't have anti virus
>protection
>
>۞ Download last version of
>Stinger stand alone virus scanner
>۞ Download, install, update and run the fixer of
>CWShredder and
>
>CoolWWWSearch.SmartKiller removal in
>safe
>mode
>
>۞ Download install and update
>Spybot,
>Ad-aware, and
>VX2cleaner
>plug-in for ad-aware
>۞ Run full system scan in
>safe
>mode with Stinger, Spybot and Ad-aware (run the VX2cleaner scan
>first)
>۞ Download install and update
>
>Spywareblaster, one
>of firewall
>
>Zonealarm / Kerio and
>DCOMbobulator for extra
>protection
>۞ If the problem persist download
>HijackThis and
>send the report log back to this forum
>
>۞ Turn on system restore


>

Note:
>All above software are free for personal use
>When email address needed for registration some site not explicitly but deny
>hotmail account probably occur to all free base email addresses

 Thanks. I will try your suggestions.

[Reply or follow-up to this message]

re: Links Embedded into Internet Explorer
Sunday, November 28, 2004 at 7:03 pm
Posted by Yap (4094 messages posted)

u r welcome :)

[Reply or follow-up to this message]

re: Links Embedded into Internet Explorer
Monday, November 29, 2004 at 4:23 am
Posted by Seth (50 messages posted)

As Requested. Problem is persisting. Logfile of HijackThis v1.97.7 Scan saved at 11:24:03 PM, on 29/11/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Telstra\Cable Login\bpcable.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\WINDOWS\System32\rundll32.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Qurb\QSP-2.1.213.4\QOELoader.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe C:\Program Files\TGTSoft\StyleXP\StyleXP.exe C:\Program Files\BPALogin\BPALogin.exe C:\WINDOWS\system32\drivers\dcfssvc.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\MultiMedia Keyboard Drv\kb_2k.exe C:\WINDOWS\System32\DkLog.exe C:\Program Files\Palm\HOTSYNC.EXE C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\System32\dkcktkn.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10MT2.EXE C:\Documents and Settings\Dr Gothic\Desktop\Downloads\stinger.exe C:\Program Files\Outlook Express\msimn.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Dr Gothic\Desktop\Downloads\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm R3 - URLSearchHook: (no name) - {C7EDAB2E-D7F9-11D8-BA48-C79B0C409D70} - (no file) O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {28F65FCB-D130-11D8-BA48-8BE0C49AF370} - C:\WINDOWS\System32\popup_bl.dll O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll O4 - HKLM\..\Run: [DkAutoReg.exe] C:\Program Files\Rainbow Technologies\iKey 2000 Series Software\DkAutoReg.exe O4 - HKLM\..\Run: [DkStartup] C:\Program Files\Rainbow Technologies\iKey 2000 Series Software\DkStartup.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\Qurb\QSP-2.1.213.4\QOELoader.exe" O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\cmd64.exe internat.dll,LoadKeyboardProfile O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [Udoc] C:\Documents and Settings\Dr Gothic\Application Data\rpat.exe O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE O4 - Global Startup: BPALogin.lnk = C:\Program Files\BPALogin\BPALogin.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe O4 - Global Startup: Multimedia Keyboard Driver.lnk = ? O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM) O9 - Extra button: ICQ Pro (HKLM) O9 - Extra 'Tools' menuitem: ICQ (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Messenger (HKLM) O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: ConferenceRoom Java Client - http://nsw-chat.telstra.com/java/cr.cab O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/download/0/5/c/05c905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1093178935562 O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093177363265 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38041.9739699074 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} (CTAdjust Class) - http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab


On Sunday, November 28, 2004 at 7:03 pm, Yap wrote:
>u r welcome :)

[Reply or follow-up to this message]

re: Links Embedded into Internet Explorer
Monday, November 29, 2004 at 4:43 am
Posted by Yap (4094 messages posted)

You use older version of hijackthis... download the latest version here
then run hijackthis log and give a checkmark in front of below lines and click fixed button

C:\Program Files\Common Files\Real\Update_OB\realsched.exe (real player is one of wellknown spyware uninstall it)
C:\WINDOWS\System32\DkLog.exe (refer to Russian Rainbows Technology delete if you don't need it)
C:\WINDOWS\System32\dkcktkn.exe (refer to Russian Rainbows Technology delete if you don't need it)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm
R3 - URLSearchHook: (no name) - {C7EDAB2E-D7F9-11D8-BA48-C79B0C409D70} - (no file)
O2 - BHO: (no name) - {28F65FCB-D130-11D8-BA48-8BE0C49AF370} - C:\WINDOWS\System32\popup_bl.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C}
- C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O4 - HKLM\..\Run: [DkAutoReg.exe] C:\Program Files\Rainbow Technologies\iKey 2000
Series Software\DkAutoReg.exe (refer to Russian Rainbows Technology delete if you don't need it)
O4 - HKLM\..\Run: [DkStartup] C:\Program Files\Rainbow Technologies\iKey 2000 Series
Software\DkStartup.exe (refer to Russian Rainbows Technology delete if you don't need it)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
 -osboot (real player is one of wellknown spyware uninstall it)
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\cmd64.exe internat.dll,LoadKeyboardProfile
O4 - Global Startup: Multimedia Keyboard Driver.lnk = ?
 

[Reply or follow-up to this message]

re: Links Embedded into Internet Explorer
Monday, November 29, 2004 at 5:39 am
Posted by Yap (4094 messages posted)

just pass tgt bho...
after restart the computer delete the real file (hijackthis only delete the registry entries) exept TGT_BHO.dll
then run hijackthis one more time and send the new log here...

[Reply or follow-up to this message]

re: Links Embedded into Internet Explorer
Monday, November 29, 2004 at 11:46 pm
Posted by Seth (50 messages posted)

Hi Yap, I deleted all suggested apart from Rainbow (work related VPN) and TGT (skinning program). After a restart the links embedded into IE have gone and after 30 minutes my IE has not opened by itself. Touch wood it stays like this. Here is my Hijack this log. Thanks for your time Yap. Logfile of HijackThis v1.98.2 Scan saved at 6:35:59 PM, on 30/11/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Telstra\Cable Login\bpcable.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\WINDOWS\System32\rundll32.exe C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Qurb\QSP-2.1.213.4\QOELoader.exe C:\PROGRA~1\PESTPA~1\PPControl.exe C:\PROGRA~1\PESTPA~1\PPMemCheck.exe C:\PROGRA~1\PESTPA~1\CookiePatrol.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe C:\Program Files\BPALogin\BPALogin.exe C:\Program Files\MultiMedia Keyboard Drv\kb_2k.exe C:\Program Files\Palm\HOTSYNC.EXE C:\WINDOWS\system32\drivers\dcfssvc.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\WINDOWS\System32\DkLog.exe C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\System32\dkcktkn.exe C:\Documents and Settings\Dr Gothic\Desktop\Downloads\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R3 - URLSearchHook: (no name) - {C7EDAB2E-D7F9-11D8-BA48-C79B0C409D70} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll O4 - HKLM\..\Run: [DkAutoReg.exe] C:\Program Files\Rainbow Technologies\iKey 2000 Series Software\DkAutoReg.exe O4 - HKLM\..\Run: [DkStartup] C:\Program Files\Rainbow Technologies\iKey 2000 Series Software\DkStartup.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\Qurb\QSP-2.1.213.4\QOELoader.exe" O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [Udoc] C:\Documents and Settings\Dr Gothic\Application Data\rpat.exe O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE O4 - Global Startup: BPALogin.lnk = C:\Program Files\BPALogin\BPALogin.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: ConferenceRoom Java Client - http://nsw-chat.telstra.com/java/cr.cab O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093177363265 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab


On Monday, November 29, 2004 at 5:39 am, Yap wrote:
>just pass tgt bho...
>after restart the computer delete the real file (hijackthis only delete the registry
>entries) exept TGT_BHO.dll
>then run hijackthis one more time and send the new log here...

[Reply or follow-up to this message]

re: Links Embedded into Internet Explorer
Tuesday, November 30, 2004 at 1:33 am
Posted by Yap (4094 messages posted)

yeh it is all clean now :)
you are welcome :)

[Reply or follow-up to this message]

Tip: Use one of the [Reply or follow-up to this message] links above to add a message to this thread
Return to the Windows XP Discussion Forum


All content at Annoyances.org is Copyright © 1995-2009 Creative Elementtm All rights reserved.
Please do not plagiarize; redistributing these pages without permission is strictly prohibited.