Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Search Results Redirected


  • This topic is locked This topic is locked
4 replies to this topic

#1 CUser02

CUser02

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:36 PM

Posted 03 April 2007 - 06:28 PM

Hi,
My google or yahoo search results get redirected.

I am attaching my hijackthis report. Also below is my Fixwareout report:

Please help me with this....

Thanks


Fixwareout Last edited 2/11/2007
Post this report in the forums please
...
»»»»»Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kduma.exe"

»»»»» System restarted

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....

Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.



Click browse, find the file then click submit.
http://www.virustotal.com/flash/index_en.html
Or http://virusscan.jotti.org/

»»»»» Other
C:\WINDOWS\Temp\kduma.ren 63436 08/04/2004



»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"THotkey"="C:\\Program Files\\Toshiba\\Toshiba Applet\\thotkey.exe"
"LtMoh"="C:\\Program Files\\ltmoh\\Ltmoh.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"SmoothView"="C:\\Program Files\\TOSHIBA\\TOSHIBA Zooming Utility\\SmoothView.exe"
"Tvs"="C:\\Program Files\\Toshiba\\Tvs\\TvsTray.exe"
"SoundMAXPnP"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe"
"SoundMAX"="C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe /tray"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"TFncKy"="TFncKy.exe"
"TPSMain"="TPSMain.exe"
"PadTouch"="C:\\Program Files\\TOSHIBA\\Touch and Launch\\PadExe.exe"
"Pinger"="c:\\toshiba\\ivp\\ism\\pinger.exe /run"
@=""
"IntelWireless"="C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe /tf Intel PROSet/Wireless"
"EOUApp"="C:\\Program Files\\Intel\\Wireless\\Bin\\EOUWiz.exe"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechCameraAssistant"="C:\\Program Files\\Logitech\\Video\\CameraAssistant.exe"
"LogitechVideo[inspector]"="C:\\Program Files\\Logitech\\Video\\InstallHelper.exe /inspect"
"LogitechCameraService(E)"="C:\\WINDOWS\\system32\\ElkCtrl.exe /automation"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"osCheck"="\"C:\\Program Files\\Norton Internet Security\\osCheck.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Walgreens PhotoShow Media Manager"="C:\\PROGRA~1\\WALGRE~1\\WALGRE~1\\data\\Xtras\\mssysmgr.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»

Attached Files



BC AdBot (Login to Remove)

 


m

#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:07:36 PM

Posted 04 April 2007 - 04:55 AM

Hi,

It looks like you already solved your issue.
Please do not attach logs, but copy and paste them in the thread.


Check and fix next leftovers in HijackThis:

O17 - HKLM\System\CCS\Services\Tcpip\..\{36F98D0A-F565-4054-B338-C71F86C4B4CC}: NameServer = 85.255.113.146,85.255.112.66
O17 - HKLM\System\CCS\Services\Tcpip\..\{7122DD76-432F-418F-8D02-DBEC00B4350A}: NameServer = 85.255.113.146,85.255.112.66
O17 - HKLM\System\CCS\Services\Tcpip\..\{948D48CE-2682-4A37-AD69-80AA634E3AC9}: NameServer = 85.255.113.146,85.255.112.66
O17 - HKLM\System\CCS\Services\Tcpip\..\{CEB99855-CD2C-4BDB-B846-0E6368B35C06}: NameServer = 85.255.113.146,85.255.112.66

In case your having internet connection problems after fixing above line, do next:

Go to Start -> Control Panel, and choose Network Connections.
Right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and left click on properties.
Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says Obtain DNS servers automatically.
Click OK twice, and restart your computer.

Then delete next file:

C:\WINDOWS\Temp\kduma.ren

Let me know if the redirections are gone now.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 CUser02

CUser02
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:36 PM

Posted 05 April 2007 - 06:47 PM

Hi miekiemoes,

Thanks for your reply..

Tried a couple of searches and looks fine so far....


Thanks

#4 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:07:36 PM

Posted 06 April 2007 - 04:37 AM

Good to hear and Glad I could help. :thumbsup:

Please read my Prevention page with lots of info and tips how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.

Happy Surfing again!
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:07:36 PM

Posted 15 April 2007 - 05:27 PM

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users