Google redirect from common hijack

By winebum
Feb 2, 2005
  1. I have been hit with the Google redirect. I have used every software fix I could find and it keeps coming back. All of the postings that I have found don't have the matching file that my results produced. I have upload the text file from Hijackthis.

    Attached Files:

  2. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Boot in Safe Mode
    Switch off Restore Points
    Press ctrl/alt/del and in Taskmanager try to STOP these processes (if there):


    UNinstall your Googlebar(s), it is a mixed-up mess.
    UNinstall anything to do with:


    Next, run HJT on its own and let it 'fix' (if still there):
    C:\Program Files\Winamp\winampa.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =*
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL =

    ALL lines starting with: O1 - Hosts:

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [csrsess] C:\WINDOWS\system32\csrsess.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

    ALL lines starting with: O16 - DPF:

    O23 - Service: OnVPN - Unknown - C:\PROGRA~1\AttMgmt\VPN\Service\Srvany.exe

    When done, delete the bold files. When a directory is also bold, delete everything in it, including that directory itself.

    Clean out your TEMP directory, all cookies and all your temp. internet files.
    Install Firefox from and stop using IE!!!

    Report back with a new log if you still have problems.
  3. winebum

    winebum TS Rookie Topic Starter

    It is still there, Google redirect

    I follow the instructions that was sent and the redirect is still there. I have attached the latest text file.

    Attached Files:

  4. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Boot in Safe Mode
    Stop System Restore
    Press ctrl/alt/del and in Taskmanager try to STOP scrsvc.exe

    Then run HJT on its own and 'fix':
    ALL lines starting with: O1 - Hosts:
    O4 - HKLM\..\Run: [scrsvc] C:\WINDOWS\system32\scrsvc.exe

    Now delete C:\WINDOWS\system32\scrsvc.exe

    Reboot and reactivate System restore
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...