Solved google redirect

typed cmd and it did not open a command prompt??

 

Yes it was to open a command prompt.

If it still doesn't work try
Open taskmanager
At the top clickon File, >>New Task (Run) type in command.

 

Still doesn't work. After I type cmd, a dos window does not appear. All that happens is that my taskbar at the bottom of the screen briefly disappears then reappears. It doesn't matter if I go through the start menu or through the task manager screen--it doesn't work. Any advice? Why am I not able to view a command prompt?

 

First thing that comes to mind is it's been disabled by the infection


Please download OTMoveIt3 by OldTimer and save it to your desktop

• Double-click OTMoveIt3.exe to run it.
• Copy the lines in the codebox below. ( Make sure you include rocesses )

Code:

:Processes
explorer.exe
:reg
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
 "aux2 "=- 
:Commands
[Purity]
[EmptyTemp]
[Start Explorer]
[Reboot]

• Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.

• - Close ALL open windows (especially Internet Explorer!)-
• Click the red Moveit! button.
• Copy everything in the Results window (under the green bar), and paste it in your next reply.
• Close OTMoveIt3

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.









Please continue with the rest of the instructions I had posted for HostsXpert and a Gmer scan.


Please post OTMoveIt log
ARK log

 

Here's the otmoveit log...working on the rest...

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32\\aux2 deleted successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_508.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_518.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.9.0 log created on 03242009_210936

Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_508.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_518.dat not found!

 

Thank you.
So far it says deleted.

 

ok juliette...tried to use hostsxpert, first it said "your DNS Client Service is running and should be disabled "...so i followed the instructions to disable my dns client. The same warning screen came up again. I tried to go ahead and proceed with the download. I then got a message that hostexperts cannot connect to the website.

While this was going on I got an error message that avgnsx.exe has encountered an error and will be shut down. This has happened a couple of times in the last day or so.

Do you still want me to run the rootkit scan?

 

Yes please.



The please open MBAM and update

Let it do a quickscan, remove/delete what it finds.


Also, it's late here and I'm signing off for the night.
Post your logs and I'll see them first thing in the morning.

 

rootkit scan...
GMER 1.0.15.14944 - http://www.gmer.net
Rootkit scan 2009-03-24 21:56:54
Windows 5.1.2600 Service Pack 3


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Ip ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

---- EOF - GMER 1.0.15 ----

...nothing found on MBAM

also...i just rebooted my machine and all of my tray icons have reappeared. i'm also heading for bed. thanks again. we'll talk tomorrow.

 

OK
Gmer is clean
MBAM is clean


How's the computer now?

 

seems to be running fine...all of my taskbar icons are visible and no-google redirect.

 

Well, I've got my fingers crossed.

Next open OTMoveIt, then click on "CleanUp! ".
If you receive a warning from your Firewall please allow...In the left pane, it will display a list of tools and other related files which you may have downloaded/used during our cleanup + backup folders that were created with the bad files present.

They are not needed anymore, so OTMoveIt will delete them.
Do not edit anything in that Window!
Don't worry if it displays some tools you didn't download/use.
Click Yes when it asks to Begin cleanup process.
Then reboot your computer.


This should do it.

 

finished rebooting and all looks good...thanks for everything. My fingers are crossed.

Last question, can I delete gmer and regquery?

 

You sure can.
I'm sorry that I forgot, we've had so many tools on the machine it's easy to forget.

 

Glad we could help.

Since this issue appears resolved ... this Topic is closed.