Google redirect from common hijack

Status
Not open for further replies.
W

winebum

I have been hit with the Google redirect. I have used every software fix I could find and it keeps coming back. All of the postings that I have found don't have the matching file that my results produced. I have upload the text file from Hijackthis.
 

Attachments

  • hijackthis.txt
    15.3 KB · Views: 8
Boot in Safe Mode
Switch off Restore Points
Press ctrl/alt/del and in Taskmanager try to STOP these processes (if there):
winampa.exe
csrsess.exe
AgentSvr.exe
Srvany.exe

UNinstall your Googlebar(s), it is a mixed-up mess.
UNinstall anything to do with:
C:\PROGRA~1\AttMgmt\VPN\Service\Srvany.exe

Next, run HJT on its own and let it 'fix' (if still there):
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\csrsess.exe
C:\WINDOWS\msagent\AgentSvr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://register.hp.com/servlet/Web...YEAR=2004&gwCountry=US&language=EN&prodOS=011
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://us-auto.proxy.att.com:8001

ALL lines starting with: O1 - Hosts:

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [csrsess] C:\WINDOWS\system32\csrsess.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O14 - IERESET.INF: START_PAGE_URL=http://us8l.hpwis.com

ALL lines starting with: O16 - DPF:

O23 - Service: OnVPN - Unknown - C:\PROGRA~1\AttMgmt\VPN\Service\Srvany.exe

When done, delete the bold files. When a directory is also bold, delete everything in it, including that directory itself.

Clean out your TEMP directory, all cookies and all your temp. internet files.
Install Firefox from www.getfirefox.com and stop using IE!!!

Report back with a new log if you still have problems.
 
It is still there, Google redirect

I follow the instructions that was sent and the redirect is still there. I have attached the latest text file.
 

Attachments

  • hijackthis.txt
    12.2 KB · Views: 7
Boot in Safe Mode
Stop System Restore
Press ctrl/alt/del and in Taskmanager try to STOP scrsvc.exe

Then run HJT on its own and 'fix':
C:\WINDOWS\system32\scrsvc.exe
ALL lines starting with: O1 - Hosts:
O4 - HKLM\..\Run: [scrsvc] C:\WINDOWS\system32\scrsvc.exe

Now delete C:\WINDOWS\system32\scrsvc.exe

Reboot and reactivate System restore
HTH
 
Status
Not open for further replies.

Similar threads

E
I have been taken over by a software called Astanda using XML to Log everything and roaming to an SQL server.
Replies
0
Views
478
eriksnyman1
E
Daniel Sims
Thousands of websites infected to redirect users in Google Ads view-pumping scam
Replies
5
Views
637
Feng Lengshun
F
A
Google will introduce one-tap "Unsubscribe" in Gmail for Android
Replies
2
Views
213
Mr Majestyk
M

Latest posts

Back