Be sure to unplug from the internet and do it in SAFE MODE.

Tried a system restore which failed, the system restore didn’t actually complete for some reason.  Deleting a bit from Hijackhis log didn’t do anything and the second scan showed nothing and windows defender shows nothing

Please a Full System Scan in Safe Mode.

Hi JDLM,

I'll explain later why the System Restore failed - you don't want to do that now.

We'll try another way to rid you of this infection.

Connect to the internet.  Download, install and update the FREE version of Malwarebytes here.

Once those steps are completed, unplug from the internet, restart your computer in SAFE MODE and run a complete Malwarebytes scan.  If items are found, follow the Malwarebytes suggested procedure.

This next step is optional but recommended. Delete your System Restore Points by turning off System Restore. Many infections will become embedded in your previous restore points - therein lies the possibility that they may return. Also you may find that the malware has already erased your restore points.

Restart your computer in Normal Mode and check how things are working.

Once you are completely sure your computer is clean, you can turn ON System Restore.

Please let us know how you do with this.

EDIT: I was typing as Floating_Red was posting.  It is very important to perform the suggested scans in SAFE MODE.

---

Phil_D wrote:

Hi JDLM,

 

I'll explain later why the System Restore failed - you don't want to do that now.

 

We'll try another way to rid you of this infection.

 

Connect to the internet.  Download, install and update the FREE version of Malwarebytes here.

 

Once those steps are completed, unplug from the internet, restart your computer in SAFE MODE and run a complete Malwarebytes scan.  If items are found, follow the Malwarebytes suggested procedure.

 

This next step is optional but recommended. Delete your System Restore Points by turning off System Restore. Many infections will become embedded in your previous restore points - therein lies the possibility that they may return. Also you may find that the malware has already erased your restore points.

 

Restart your computer in Normal Mode and check how things are working.

 

Once you are completely sure your computer is clean, you can turn ON System Restore.

 

Please let us know how you do with this.

 

EDIT: I was typing as Floating_Red was posting.  It is very important to perform the suggested scans in SAFE MODE.

Message Edited by Phil_D on 09-25-2008 10:16 PM

---

That is correct.

---

Phil_D wrote:

That is correct.

---

Correct: “not”.

I’m afraid you’re going to have to keep fighting, the Malwarebyte did remove something but not whatever is causing the internet page to open on startup.

JDLM,

We're not really fighting - sometimes one person is typing just at the same time another one is posting.

Did you delete your System Restore Points?

I was looking at that page: http://www.threatexpert.com/report.aspx?uid=0863776c-5334-46c6-90bd-331360b31ef8 to see what has happened and looking at the registry values tha have been created, one has been made to run ati2sgav.exe on startup.  I searched for ati2sgav.exe and opened it, it opened the webpage that I keep getting directed to.  I then moved this file to my desktop and resarted and I no longer get the problem!!

thanks for all your help though guys

Congratulations! 

Glad to hear that you were successful.

Be sure to double check all of the removal instructions on that link to make sure you are rid of it for good.

Best Wishes.

01. What Norton Product and Version have you got, e.g. Norton Internet Security 2009?

02. What O.S., S.P. do you have?

03. If it is either Norton 2008 or 2009, have you done a Full System Scan in Safe Mode with Updated Virus Definitions; if it is earlier than that, Upgrade to N.I.S. 2009 and then do a Full System Scan in Safe Mode after Running Norton LiveUpdate.