all about searching.com

piglet: all about searching.com

Hi, I have the same problem,too.

don't know which one to delete >.<


Logfile of HijackThis v1.97.7
Scan saved at 上午 10:03:22, on 2004/5/8
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\WINNT\System32\svchost.exe
E:\WINNT\system32\GEARSEC.EXE
E:\WINNT\system32\regsvc.exe
E:\WINNT\system32\MSTask.exe
E:\WINNT\system32\stisvc.exe
E:\Program Files\Trend Micro\PC-cillin 2003\Tmntsrv.exe
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\WINNT\system32\svchost.exe
E:\Program Files\Trend Micro\PC-cillin 2003\tmproxy.exe
E:\Program Files\Trend Micro\PC-cillin 2003\PccPfw.exe
E:\WINNT\system32\rundll32.exe
E:\WINNT\Explorer.EXE
E:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
E:\Program Files\Microsoft Hardware\Mouse\point32.exe
E:\WINNT\system32\atiptaxx.exe
E:\Program Files\Trend Micro\PC-cillin 2003\pccguide.exe
E:\Program Files\Trend Micro\PC-cillin 2003\PCCClient.exe
E:\Program Files\Trend Micro\PC-cillin 2003\Pop3trap.exe
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\WINNT\system32\internat.exe
E:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\WINNT\TEMP\Rem3.exe
E:\Program Files\Winamp\winamp.exe
E:\Program Files\Kuro\Kuro.exe
E:\Documents and Settings\Administrator\Desktop\HijackThis.exe
E:\PROGRA~1\mozilla.org\Mozilla\Mozilla.exe

R3 - Default URLSearchHook is missing
O1 - Hosts: JM?M a
O1 - Hosts: JM?M a
O1 - Hosts: JM?M a
O1 - Hosts: JM?M a
O1 - Hosts: JM?M a
O1 - Hosts: JM?M a
O1 - Hosts: JM?M a
O1 - Hosts: JM?M a
O1 - Hosts: J6?6
O1 - Hosts: JU?U
O1 - Hosts: E
O1 - Hosts: 沐Y沐Y?Y?Y?Y?Y?Y?Y0oYh?Y?Y?Y?Y?
Y?Y?Y?Y?Y?Y?Y?Y?Y?Y?Y?Y碰Y碰Y?Y?Y ?Y?
Y?Y?Y?Y?Y?Y?Y?Y?Y?YYY?Y?Y?Y?Y?Y?
Y?Y?Y?Y?Y?Y?Y?Y?Y?Y?Y陘Y陘YYYYYYY Y Y(Y(Y0Y0Y8Y8Y@Y@YHYHYPYPYXY
XY`Y`YhYhYpYpYxYxY€Y€Y?Y?
Y

O1 - Hosts:
?Y?Y?Y?Y?Y?Y?Y?Y?Y?Y?Y?Y?Y?Y?
Y?Y?Y?Y?Y?Y?Y?Y?Y?Y?Y?Y?Y
O1 - Hosts: 207.36.196.189 auto.search.msn.com
O1 - Hosts: 207.36.196.189 search.netscape.com
O1 - Hosts: 207.36.196.189 ieautosearch
O1 - Hosts: J. J.?.?.?.?.裡.裡.8`.8`.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.
?.?.?. ?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.
?.?.?.?.?.?.?.?.?.?.?.
O1 - Hosts: ?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.
O1 - Hosts: JU JU 邔 邔UU?U?U?U?U?U?U?U?U?U?U?U?U?U?U?U?U?U?U?U?U?U?UUU ?U?U?U?U?U?U?U?U?U?U?U?U?U?U?U?U?U?U?U?U?U?U?U?U?U?U?U?U?U
O1 - Hosts: ?U?U?U?U?U?U?U?U?U?U?U?U?U?U?U?U?U?U?U?U?U?U?U?U?U?U?U
O1 - Hosts: JM JMKMKM?M?M?M?M?M?M?M?M88?M?M((?M?M?M?M?M?MMM?M?M?M?M ?M?M?M?M?M?M?M?M?M?M?M?M?M?M?M?M?M?M?M?M?M?M?M?M?M?M?M?M?M
O1 - Hosts: ?M?M?M?M?M?M?M?M?M?M?M?M?M?M?M?M?M?M?M?M?M?M?M?M?M?M?M
O1 - Hosts: JY JY?Y?Y0UY0UY?Y?Y?Y?Y?Y?Y?Y?Y?Y?Y?Y?Y?Y?Y?Y?Y?Y?Y鋄Y鋄Y?Y?Y?Y?Y ?Y?Y?Y?Y?Y?Y?Y?Y?Y?Y?Y?Y?Y?Y?Y?Y?Y?Y?Y?Y?Y?Y?Y?Y?Y?Y?YxtYxtY
O1 - Hosts: JY JY?Y?Y0UY0UY?Y?Y?Y?Y?Y?Y?Y?Y?Y?Y?Y?Y?Y?Y?Y?Y?Y?Y鋄Y鋄Y?Y?Y?Y?Y ?Y?Y?Y?Y?Y?Y?Y?Y?Y?Y?Y?Y?Y?Y?Y?Y?Y?Y?Y?Y?Y?Y?Y?Y?Y?Y?Y?Y?Y
O1 - Hosts: ?Y?Y
O2 - BHO: (no name) - {A6913360-62CB-CFFA-668C-C9BADEBEA8F8} - E:\PROGRA~1\SITEHO~1\Amok Global.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - E:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O3 - Toolbar: Drv 2 Skip - {18993DCA-1BD7-D238-2209-4085E56C51E4} - E:\PROGRA~1\SITEHO~1\Amok Global.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LVCOMS] E:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [pccguide.exe] "E:\Program Files\Trend Micro\PC-cillin 2003\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "E:\Program Files\Trend Micro\PC-cillin 2003\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "E:\Program Files\Trend Micro\PC-cillin 2003\Pop3trap.exe"
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] E:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [ICQ Lite] E:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [ntobskrnl.exe] E:\WINNT\system32\ntobskrnl.exe
O4 - HKLM\..\Run: [STORE JOY] E:\PROGRA~1\NEWDEF~1\bold obj atom.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "E:\Program Files\mozilla.org\Mozilla\Mozilla.exe" -turbo
O4 - HKCU\..\Run: [iRead] "E:\Program Files\iRead\iRead.exe" /min
O4 - HKCU\..\Run: [ntobskrnl.exe] E:\WINNT\system32\ntobskrnl.exe
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpySweeper] E:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\RunOnce: [ICQ Lite] E:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: TwMenuStartup.lnk = E:\WINNT\twmenustartup.exe
O8 - Extra context menu item: Download All by FlashGet - E:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - E:\Program Files\FlashGet\jc_link.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37910.0925578704
O16 - DPF: {CD5DB70E-9969-45A5-9E45-5BAC1B2154F8} (ERADMStart.StartControl) - http://www.im.tv/bbstart.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab

 

Hi piglet,

First find this file
E:\WINNT\system32\drivers\etc\hosts and rename it to hosts.bak

Before you start please unzip hijackthis.exe to a folder of it´s own. The program creates backups in the folder it is in. These will now end up on your desktop.

Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {A6913360-62CB-CFFA-668C-C9BADEBEA8F8} - E:\PROGRA~1\SITEHO~1\Amok Global.dll

O3 - Toolbar: Drv 2 Skip - {18993DCA-1BD7-D238-2209-4085E56C51E4} - E:\PROGRA~1\SITEHO~1\Amok Global.dll

O4 - HKLM\..\Run: [ntobskrnl.exe] E:\WINNT\system32\ntobskrnl.exe
O4 - HKLM\..\Run: [STORE JOY] E:\PROGRA~1\NEWDEF~1\bold obj atom.exe

O4 - HKCU\..\Run: [ntobskrnl.exe] E:\WINNT\system32\ntobskrnl.exe

O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab

Then reboot into safe mode and delete:
E:\PROGRAM FILES\NEWDEF~1 <= entire folder that holds bold obj atom.exe
E:\PROGRAM FILES\SITEHO~1 <= entire folder that holds Amok Global.dll

Then surf to http://www.kaspersky.com/scanforvirus.html and upload E:\WINNT\system32\ntobskrnl.exe
Let us know the results.

Regards,

Pieter

 

Brilliant!
It works~~thanx a lot for ur help (☆_☆)

 

Hi piglet,

My pleasure.
Please read:
https://www.wilderssecurity.com/showthread.php?t=27971

Regards,

Pieter