google analytics pop up redirect IE8 w/fresh XP install


This topic is locked. 4 replies to this topic.

#1 shades69x (Members, 3 posts)

Posted 13 February 2011 - 04:23 AM

With a fresh install of XP Media Center Edition I get Google Analytics redirects to various websites. Avira antivirus & Malwarebytes Anti-Malware are installed.

DDS file:


DDS (Ver_10-12-12.02) - NTFSx86
Run by shades at 3:44:28.89 on Sun 02/13/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1389 [GMT -5:00]

AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\shades\My Documents\My Downloads\dds.scr

============== Pseudo HJT Report ===============

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-2-13 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-2-13 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-2-13 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-2-13 61960]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2011-2-13 100456]

=============== Created Last 30 ================

2011-02-13 08:34:06 444776 ----a-w- c:\windows\system32\d3dx10_35.dll
2011-02-13 08:34:06 1358192 ----a-w- c:\windows\system32\D3DCompiler_35.dll
2011-02-13 08:34:05 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2011-02-13 08:34:04 443752 ----a-w- c:\windows\system32\d3dx10_34.dll
2011-02-13 08:34:04 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2011-02-13 08:34:04 1124720 ----a-w- c:\windows\system32\D3DCompiler_34.dll
2011-02-13 08:34:03 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2011-02-13 07:10:23 -------- d-----w- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation
2011-02-13 07:08:36 -------- d-----w- C:\NVIDIA
2011-02-13 06:08:22 -------- d-sha-r- C:\cmdcons
2011-02-13 06:07:48 98816 ----a-w- c:\windows\sed.exe
2011-02-13 06:07:48 89088 ----a-w- c:\windows\MBR.exe
2011-02-13 06:07:48 256512 ----a-w- c:\windows\PEV.exe
2011-02-13 06:07:48 161792 ----a-w- c:\windows\SWREG.exe
2011-02-13 06:01:57 -------- d-----w- c:\docume~1\shades\applic~1\Malwarebytes
2011-02-13 06:01:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-13 06:01:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-02-13 06:01:48 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-13 06:01:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-13 05:59:40 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2011-02-13 05:18:58 -------- d-----w- c:\windows\system32\NtmsData
2011-02-13 05:15:10 -------- d-----w- c:\docume~1\shades\applic~1\Avira
2011-02-13 05:13:05 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-02-13 05:13:05 -------- d-----w- c:\program files\Avira
2011-02-13 05:13:05 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
2011-02-13 05:06:18 -------- d-sh--w- c:\documents and settings\shades\PrivacIE
2011-02-13 04:58:48 -------- d-----w- c:\windows\system32\scripting
2011-02-13 04:58:48 -------- d-----w- c:\windows\system32\en
2011-02-13 04:58:48 -------- d-----w- c:\windows\system32\bits
2011-02-13 04:58:48 -------- d-----w- c:\windows\l2schemas
2011-02-13 04:57:28 -------- d-----w- c:\windows\network diagnostic
2011-02-13 04:53:10 -------- d-sh--w- c:\documents and settings\shades\IETldCache
2011-02-13 04:50:56 -------- dc-h--w- c:\windows\ie8
2011-02-13 00:53:15 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-02-13 00:53:15 272128 ------w- c:\windows\system32\drivers\bthport.sys
2011-02-13 00:53:09 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2011-02-13 00:42:07 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2011-02-13 00:41:33 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2011-02-13 00:41:24 2560 ------w- c:\windows\system32\xpsp4res.dll
2011-02-13 00:41:23 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2011-02-13 00:38:01 -------- d-----w- c:\windows\system32\PreInstall
2011-02-13 00:38:00 -------- d--h--w- c:\windows\$hf_mig$
2011-02-13 00:31:29 -------- d-----w- c:\windows\system32\SoftwareDistribution
2011-02-13 00:31:09 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2011-02-13 00:31:09 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys
2011-02-13 00:31:08 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2011-02-13 00:31:05 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys
2011-02-13 00:31:05 142592 ----a-w- c:\windows\system32\drivers\aec.sys
2011-02-13 00:31:04 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2011-02-13 00:28:21 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2011-02-13 00:27:24 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys
2011-02-13 00:27:23 7552 ----a-w- c:\windows\system32\drivers\mskssrv.sys
2011-02-13 00:27:23 4992 ----a-w- c:\windows\system32\drivers\mspqm.sys
2011-02-13 00:27:22 5376 ----a-w- c:\windows\system32\drivers\mspclock.sys
2011-02-13 00:23:40 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2011-02-13 00:23:25 733184 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\iKernel.dll
2011-02-13 00:23:25 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\ctor.dll
2011-02-13 00:23:25 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\DotNetInstaller.exe
2011-02-13 00:23:25 303236 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\setup.dll
2011-02-13 00:23:25 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\iscript.dll
2011-02-13 00:23:25 180356 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\iGdi.dll
2011-02-13 00:23:25 172032 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\iuser.dll
2011-02-13 00:22:29 -------- d-----w- c:\windows\ASUSInstAll
2011-02-13 00:18:40 5810 ----a-r- c:\windows\system32\drivers\ASACPI.sys
2011-02-13 00:18:33 10288 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS

==================== Find3M ====================

2011-02-13 07:09:18 252080 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-02-13 07:09:18 252080 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-02-13 07:09:18 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-01-08 03:27:00 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-01-08 03:27:00 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-01-08 03:27:00 6397824 ----a-w- c:\windows\system32\nv4_disp.dll
2011-01-08 03:27:00 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-01-08 03:27:00 4980736 ----a-w- c:\windows\system32\nvcuda.dll
2011-01-08 03:27:00 2916968 ----a-w- c:\windows\system32\nvcuvid.dll
2011-01-08 03:27:00 2292678 ----a-w- c:\windows\system32\nvdata.bin
2011-01-08 03:27:00 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-01-08 03:27:00 1958400 ----a-w- c:\windows\system32\nvapi.dll
2011-01-08 03:27:00 14671872 ----a-w- c:\windows\system32\nvoglnt.dll
2011-01-08 03:27:00 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2011-01-08 00:56:54 81920 ----a-w- c:\windows\system32\nvwddi.dll
2011-01-08 00:56:50 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-01-08 00:56:48 277608 ----a-w- c:\windows\system32\nvmccs.dll
2011-01-08 00:56:48 156776 ----a-w- c:\windows\system32\nvsvc32.exe
2011-01-08 00:56:48 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-01-08 00:56:48 13880424 ----a-w- c:\windows\system32\nvcpl.dll
2011-01-08 00:56:48 111208 ----a-w- c:\windows\system32\nvmctray.dll
2010-12-02 09:12:06 837224 ----a-w- c:\windows\system32\nvgenco32hda.dll

============= FINISH: 3:45:21.64 ===============

EDIT: Please be patient. There are over 180 unanswered topics in this forum at present and the current average wait time to receive help is 6 days. ~BP


Edited by Budapest, 14 February 2011 - 11:36 PM.



#2 SweetTech (Agent ST; Members, 13,421 posts; Location: Antarctica)

Posted 15 February 2011 - 08:36 PM

Hello,

Let me know if this gets rid of the Google redirect:

Router Reset
  • Please read this: Malware Silently Alters Wireless Router Settings

  • Consult this link to find out what the default username and password of your router are, and note them down: Router Passwords

  • Then reset your router to its factory default settings:

    "If your machine has been infected by one of these Zlob/DNSchanger Trojans, and your router settings have been altered, I would strongly recommend that you reset the router to its default configuration. Usually, this can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 30 seconds)"

  • This is the difficult part.
    First get to the router's server. To do that type http://192.168.1.1 in the address bar and click Enter. You get the login window.
    Fill in the password you have already found and you will get the configuration page.
    Configure the router to allow you to connect to your ISP server. In some routers it is done by a setup wizard. But you have to fill in the login password your ISP initially gave you.
    You can also call your ISP if you don't have your initial password.
    Don't forget to change the router's default password and set a strong password. Note down the password and keep it somewhere for future reference.

  • Please make sure of the following settings:
    • Go to Start -> Control Panel -> Double click on Network Connections.
    • Right click on your default connection (usually Local Area Connection or Wireless Network Connection) and select Properties.
    • Select the General tab.
    • Double click on Internet Protocol (TCP/IP).
    • Under the General tab:
      • Select "Obtain an IP address automatically".
      • Select "Obtain DNS server address automatically".
    • Click OK twice to save the settings.
    • Reboot if you had to change any setting.

NEXT:

Flush the DNS cache
  • Click the Start logo in the bottom left corner of the screen
  • Click on Run
  • In the command window copy/paste the following:
    ipconfig /flushdns
  • then hit Enter
  • Exit the command window.

After that, reboot.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
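The two settings the post above has the user verify by hand (DHCP on, DNS servers obtained automatically rather than pointed at a resolver the user never chose) can also be audited from the text `ipconfig /all` prints, which matters when, as the topic starter says later, several machines on the same network need checking. The script below is an added example, not code from this thread or from its posters. It assumes only the standard `ipconfig /all` output format (the XP-era key names, which later Windows versions kept) and runs on a constructed sample rather than on anything captured from the poster's machine. It goes a little beyond the post's single connection: it inspects every adapter on the machine and skips adapters that report "Media disconnected", whose settings are not in use.

```python
"""Audit Windows adapter DNS settings from `ipconfig /all` output. Added example, not
code from the BleepingComputer thread or its posters; SAMPLE_OUTPUT is constructed."""
import ipaddress
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Explicit RFC 1918 list: ipaddress's is_private would also count the documentation
# range 203.0.113.0/24 (used by the sample's rogue resolvers) as private.
_RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# "   Key . . . : value" lines: the key holds no colon and at least one dot
# precedes the separator, so bare IPv6 continuation lines never match.
_KV = re.compile(r"^\s+([A-Za-z][^:]*?)\s*(?:\.\s*)+:\s*(.*)$")
_IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


@dataclass
class Adapter:
    name: str
    connected: bool = True
    dhcp_enabled: Optional[bool] = None  # None when ipconfig printed no such line
    dns_servers: List[str] = field(default_factory=list)


def parse_ipconfig(text: str) -> List[Adapter]:
    """Split ipconfig /all output (XP-era key names) into Adapter records."""
    adapters: List[Adapter] = []
    current: Optional[Adapter] = None
    last_key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip():
            continue
        if not line[0].isspace() and line.endswith(":"):
            # Unindented section header, e.g. "Ethernet adapter Local Area Connection:"
            current = Adapter(line[:-1]) if "adapter" in line.lower() else None
            if current is not None:
                adapters.append(current)
            last_key = None
            continue
        if current is None:
            continue
        m = _KV.match(line)
        if m:
            key, value = m.group(1).strip().lower(), m.group(2).strip()
            last_key = key
        else:  # continuation line: one more value under the previous key
            key, value = last_key, line.strip()
        if key == "media state":
            current.connected = "disconnected" not in value.lower()
        elif key == "dhcp enabled":
            current.dhcp_enabled = value.lower().startswith("yes")
        elif key == "dns servers" and _IPV4.match(value):
            current.dns_servers.append(value)
    return adapters


def audit(adapters: List[Adapter]) -> Dict[str, List[str]]:
    """Map adapter name -> findings; adapters with nothing to report are omitted."""
    findings: Dict[str, List[str]] = {}
    for a in adapters:
        if not a.connected:
            continue  # a disconnected adapter's settings are not in use
        notes = []
        if a.dhcp_enabled is False:
            notes.append("DHCP disabled: address and DNS servers are set statically")
        for server in a.dns_servers:
            if not any(ipaddress.ip_address(server) in net for net in _RFC1918):
                notes.append(f"DNS server {server} is outside the private ranges; "
                             "confirm it is one your ISP assigns, not a rogue resolver")
        if notes:
            findings[a.name] = notes
    return findings


# Constructed sample: a statically configured LAN adapter pointed at two
# resolvers in the 203.0.113.0/24 documentation range, a clean DHCP adapter,
# and a disconnected wireless adapter that the audit must skip.
SAMPLE_OUTPUT = """\
Ethernet adapter Local Area Connection:

        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.1.100
        DNS Servers . . . . . . . . . . . : 203.0.113.53
                                            203.0.113.54

Ethernet adapter Local Area Connection 2:

        Dhcp Enabled. . . . . . . . . . . : Yes
        DNS Servers . . . . . . . . . . . : 192.168.1.1

Ethernet adapter Wireless Network Connection:

        Media State . . . . . . . . . . . : Media disconnected
        Dhcp Enabled. . . . . . . . . . . : No
"""

if __name__ == "__main__":
    for name, notes in audit(parse_ipconfig(SAMPLE_OUTPUT)).items():
        print(name)
        for note in notes:
            print("  -", note)
```

To use it on a real machine, run `ipconfig /all > ipconfig.txt` and pass the file's contents to `parse_ipconfig`. A DNS server outside the private ranges is not proof of tampering on its own, since some routers hand out the ISP's public resolvers directly; it is the value to compare against what the router's own DHCP page shows after the reset described above.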


#3 shades69x (Topic Starter; Members, 3 posts)

Posted 16 February 2011 - 12:48 PM

Hi Sweettech,

Thank you for the response. I will try this tonight. I had flushed the DNS on the computer and shut down the power to the router, thinking that would reset it. Also, I have multiple computers on my home network; do I have to flush the DNS on all of them? Should I disconnect from the network to do the flush DNS? One of the computers is a Win 98 (backup to my backup); is the flush DNS done the same way for Win98?

Thanks again...

#4 SweetTech (Agent ST; Members, 13,421 posts; Location: Antarctica)

Posted 16 February 2011 - 12:51 PM

Yes, I would flush the DNS on all of the computers.



#5 SweetTech (Agent ST; Members, 13,421 posts; Location: Antarctica)

Posted 19 February 2011 - 11:47 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.
