Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

amazingautosearch [CLOSED]

Started by helenting , Apr 11 2004 07:08 AM

  • This topic is locked This topic is locked

#1
helenting
Posted 11 April 2004 - 07:08 AM

helenting

    New Member

  • Member
  • Pip
  • 2 posts
my IE has recently been taken over by something to do with amazingautosearch and no matter how many times i delete it it always comes back. i've downloaded hijack this and did a scan. this is what came up (see following post). could anybody give some advice as to what to delete and what not to?
  • 0

Advertisements

#2
helenting
Posted 11 April 2004 - 07:09 AM

helenting

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Logfile of HijackThis v1.97.7
Scan saved at 9:54:20 PM, on 11/04/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Compaq\EAB\EabServr.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\qkshield.exe
C:\PROGRA~1\IDLETW~1\Film amok.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\Program Files\Alset\HelpExpress\Sesshoumaru\HXIUL.EXE
C:\Program Files\Alset\HelpExpress\Sesshoumaru\Client\HelpExp.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\NJStar Communicator\NJCOM32.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SysAI\SysAI.exe
C:\WINDOWS\emsw.exe
C:\My Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://amazingautoss.../searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://amazingautoss.../searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://amazingautoss...ww.hotmail.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://amazingautoss.../searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://amazingautoss.../searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://amazingautoss.../searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://amazingautoss.../searchbar.html
N3 - Netscape 7: user_pref("browser.startup.homepage", "amazingautossearch.com"); (C:\Documents and Settings\Sesshoumaru\Application Data\Mozilla\Profiles\default\qv93whsa.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Sesshoumaru\Application Data\Mozilla\Profiles\default\qv93whsa.slt\prefs.js)
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\SysAI\AproposPlugin.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {126E69DD-FDF9-5F39-4D97-EA0F372D71E1} - C:\PROGRA~1\copybib\Doesbrowse.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: firstmagssafe - {781D94C9-9572-0963-DB44-DB57108D8BE1} - C:\PROGRA~1\copybib\Doesbrowse.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuikShield] qkshield.exe
O4 - HKLM\..\Run: [soap eq] C:\PROGRA~1\IDLETW~1\Film amok.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [emsw.exe] C:\WINDOWS\emsw.exe
O4 - HKLM\..\Run: [couponsandoffers] wjview /cp:p "C:\Program Files\couponsandoffers\System\Code" Main lp: "C:\Program Files\couponsandoffers"
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE" -turbo
O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\Sesshoumaru\HXIUL.EXE
O4 - HKCU\..\Run: [emsw.exe] C:\WINDOWS\emsw.exe
O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\Sesshoumaru\Client\HelpExp.exe
O4 - Startup: NJStar Communicator.LNK = C:\Program Files\NJStar Communicator\NJCOM32.EXE
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
O4 - Global Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O8 - Extra context menu item: Coupons - file://C:\Program Files\couponsandoffers\System\Temp\couponsandoffers_script0.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Net2Phone (HKLM)
O9 - Extra 'Tools' menuitem: Net2Phone (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.micr...b?1079274788867
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...tzip/RdxIE6.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7866.1158101852
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
  • 0

#3
admin
Posted 11 April 2004 - 10:00 AM

admin

    Founder Geek

  • Community Leader
  • 24,639 posts
Welcome helenting <_<

Run this uninstall tool for LOP: http://lop.com/new_uninstall.exe

When finished post a new log and we'll see what's left. :D
  • 0

#4
Valorian
Posted 11 April 2004 - 04:57 PM

Valorian

    New Member

  • Member
  • Pip
  • 1 posts
Well.. I don't know if this helps, but it helped me:

If you run XP , this should work:

Go to 'control panel' -> 'remove / add software' and remove 'windows searching' .... yep , it sounds simple, and it is.
  • 0

#5
admin
Posted 11 April 2004 - 08:36 PM

admin

    Founder Geek

  • Community Leader
  • 24,639 posts
Thanks Valorian <_<

Actually LOP can be one of many names, including these:
Browser Enhance r
Brows er Enhancer
Ultimate Browse r Enhancer
Ultimate Browser En hancer
L.O P. Un insta11
L O.P. Un instal1
Live 0n line Portal
Live.0nli ne Porta1

They're constatnly changing names, and it's not always easy to identify. Of course, it's always a good idea to look through add/remove programs and remove any programs that you haven't installed.
  • 0

#6
Kat
Posted 03 September 2005 - 12:42 AM

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP