Google Redirect Problem

Hewlett-packard Genuine hp pavilion dv60...
July 16, 2009 at 23:00:42
Specs: Windows Vista

I've had this problem with my Google & Yahoo search for a day. When I click the link, I get redirected to a different search engine or some sort of advertisement page.
I've DLed adware, spyware terminator, and spybot. However, spybot cannot be opened and none of the other scans have fixed my problem.
System Restore also doesn't work as there is a "disk failure."

Here is my HJ logfile, thanks so much in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:59:40 AM, on 7/17/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{3CCDB9C7-08F8-44B1-9F57-1A0460ACCC05}: NameServer =,
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D7BFFA3-7E56-4F1B-8F20-CCC763C31EBC}: NameServer =,
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E4D1CA8-B5F5-40B2-9665-2599E22434F5}: NameServer =,
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer =,
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer =,
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate1c9d7eefdf46390) (gupdate1c9d7eefdf46390) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

End of file - 10879 bytes


July 17, 2009 at 06:02:10
Download and run Kaspersky AVP tool in safe mode:
Once you download and start the tool in safe mode:
# Check below options:

    * Select all the objects/places to be scanned. 

# Click Scan
# Fix what it detects
# Zip/Rar Scan log/Summary and upload it to Post download link in your next message.

Illustrated tutorial:

If I'm helping you and I don't reply within 24 hours send me a PM.


July 17, 2009 at 16:39:00
The server seems to be down -- network keeps timing out. I am unable to get to the site. I'll keep trying. Thanks for your quick response though.


July 17, 2009 at 17:01:45

If I'm helping you and I don't reply within 24 hours send me a PM.


July 18, 2009 at 15:30:42

The scan finally finished and here's the link:

I ran everything in safe mode. The google redirect is still present.
Let me know what's next, thanks again!


July 18, 2009 at 15:43:28
Note: I can help you remove malware manually. Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible. First Track this topic. Then follow:

1) Can you please post your AVZ log:
Note: Run AVZ in Windows normal mode and make sure you are connected to the internet. If avz.exe doesn't start, then try to rename the file avz.exe to something else and try to run it again. Make sure you have your web browser open in the background before following the steps below.

i) To create the log file, download AVZ by clicking HERE. Please save this file to your desktop or "My Documents" folder.

ii) Next, unpack the file to a new folder using the Compressed (zipped) folders wizard built into Windows XP/Vista, or a zip utility of your choice.

iii) Once you have unpacked the contents of the zip archive, please launch the file AVZ.exe by double clicking on it or right clicking and selecting Open.
Note: If you are running Windows Vista, launch AVZ.exe by right clicking and selecting Run as Administrator.

You should now see the main window of the AVZ utility. Please navigate to File->Custom Scripts. Copy the script below by using the keyboard shortcut CTRL+C or the corresponding option via right click.

ExecuteAVUpdateEx( '', 1, '','','');

Paste the script into the execution window by using CTRL+V keyboard shortcut, or the "paste" option via the right click menu. Click on Run to run the script, the PC will reboot. After the reboot the LOG subfolder is created in the folder with AVZ, with a file called inside. Upload that file to and paste the link here.

Image Tutorial

2) Download and Run DDS which will create a Pseudo HJT Report as part of its log: DDS Tool Download Link. When done, DDS will open two (2) logs

   1. DDS.txt
   2. Attach.txt

Upload the logs to and paste download link in your next reply.
Note: Disable any script-blocking programs and then double-click on the DDS.scr icon to start the program. If you did not disable a script-blocker that may be part of your antimalware program, you may receive a warning from your antimalware product asking if you would like DDS.scr to run. Please allow it to do so.

If I'm helping you and I don't reply within 24 hours send me a PM.


July 18, 2009 at 16:44:31
Any other place I can download AVZ?
Same issue that I had before with Kaspersky


July 18, 2009 at 18:02:52
AVZ link:

DDS link:

Thank You!


July 18, 2009 at 18:53:48
Follow these Steps in order numbered. Don't proceed to next step unless you have successfully completed previous step:

1) Run this script in AVZ like before, your computer will reboot:

SearchRootkit(true, true);

2) Change your dns servers to Open DNS and reboot.

PS: Check and see if you still are getting redirected.

If I'm helping you and I don't reply within 24 hours send me a PM.


July 18, 2009 at 19:38:01
Back to normal, thank you so much!

Would it now be acceptable for me to uninstall some of the spyware removal programs I had previously installed?
Or are there additional diagnostics that need to be executed?

Thanks again!


July 18, 2009 at 19:39:33
Run one more log just to eliminate rootkit. Follow these steps in order numbered:

1) Download GMER:
[This version will download a randomly named file (Recommended).]

2) Disconnect from the Internet and close all running programs.

3) Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

4) Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.

5) GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)

6) If you receive a WARNING!!! about rootkit activity and are asked to fully scan your NO.

7) Now click the Scan button. If you see a rootkit warning window, click OK.

8) When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log and upload it Post the download link to the uploaded file in your post.

9) Exit GMER and re-enable all active protection when done.

Note: Please give me the exact name of the file you downloaded in step 1 + post your log from step 8 in your next post.

If I'm helping you and I don't reply within 24 hours send me a PM.


July 18, 2009 at 21:06:49
Hi, I've run the program 5 times and each time, Windows closes the program.

"The program has stopped working" or something along the lines of that.

Any ideas?

I disabled every real-time protection.


July 18, 2009 at 21:11:47
Run it in safe mode.

If I'm helping you and I don't reply within 24 hours send me a PM.


July 18, 2009 at 21:29:05
jdk, do you not know the rules of this site????
People are NOT supposed to post a HJT log unless
requested by a qualified member. What gives with that???

Some HELP in posting on plus free progs and instructions Cheers


July 18, 2009 at 22:07:58
GMER still doesn't completely scan in safe mode -- it always stops working and the program needs to be closed.

The first time it closed, my computer was rebooted.

Do I need to delete GMER and download another copy in safe mode?


July 19, 2009 at 05:35:11
Run complete scan with . Post screenshot of what gets detected.

XpUser4Real talk to the admins? I didn't post HjT... yzarius did. If they have a problem they can delete his post. If I see something wrong I try to help :).

If I'm helping you and I don't reply within 24 hours send me a PM.


July 20, 2009 at 09:40:20
Here's the rapidshare link:

For the scan, should I just leave it there or click next?


July 20, 2009 at 09:58:01
Original problem fixed?

If I'm helping you and I don't reply within 24 hours send me a PM.


July 20, 2009 at 13:55:08
yeah the redirect is gone.

anything else?


July 20, 2009 at 13:56:42

1) Install, update database and run full scan with Malwarebytes' Anti-Malware. Attach malwarebyte full scan log, fix anything detected.

2) Run full Scan with SuperAntispyware : . Fix what it detects and post summary scan log.

If I'm helping you and I don't reply within 24 hours send me a PM.


July 20, 2009 at 14:52:43
Malware Bytes won't run.


July 20, 2009 at 14:57:24
Follow these Steps in order numbered. Don't proceed to next step unless you have successfully completed previous step:

1) Attach a Combofix log, please review and follow these instructions carefully.

Download it here ->

Before Saving it to Desktop, please rename it to something like 123.exe to stop malware from disabling it.

Now, please make sure no other programs are running, close all other windows and pause Antivirus/Spyware programs ( Programs to disable) until after the scanning and removal process has taken place.

Please double click on the file you downloaded. Follow the onscreen prompts to start the scan. Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall. It may take a while to complete scanning and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after scanning has completed.

Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please upload that file to and paste the link here.

2) Please zip up C:\qoobox\quarantine and upload it, to a filehost such as Then, Private Message me the Download links to the uploaded files.

If I'm helping you and I don't reply within 24 hours send me a PM.


July 20, 2009 at 15:16:12
I renamed the Malwarebytes file and now it is running properly, should I run a scan from there first?


July 20, 2009 at 15:27:21
Follow: Response Number 22 first.

If I'm helping you and I don't reply within 24 hours send me a PM.


July 20, 2009 at 18:57:10
I couldn't find the combofix text file but here's the link to the quarantine file:


July 20, 2009 at 19:00:53
Link doesn't work. Log should be here: c:\combofix.txt.

If I'm helping you and I don't reply within 24 hours send me a PM.


July 20, 2009 at 19:19:24
Still no text file, was I supposed to run combofix in safe mode?


July 20, 2009 at 19:22:59
Uninstall Combofix by: pause Antivirus/Spyware programs ( Programs to disable) > Start > run > type combofix /u > ok.

No need to run it again. Follow:

Please download RootRepeal Rootkit Detector and save it to your Desktop.

* Close all programs and temporarily disable your anti-virus, Firewall and any anti-malware real-time protection before performing a scan.
* Click this link to see a list of such programs and how to disable them.
* Create a new folder on your hard drive called RootRepeal (C:\RootRepeal) and extract (unzip) (click here if you're not sure how to do this. Vista users refer to this link.)
* Open the folder and double-click on RootRepeal.exe to launch it. If using Vista, right-click and Run as Administrator...
* Click on the Report tab at the bottom of the program window
* Click the Scan button
* In the Select Scan dialog, check:

    * Drivers
    * Processes
    * SSDT
    * Hidden Services

* Click the OK button
* In the next dialog, select all drives showing
* Click OK to start the scan
* When the scan has completed, a list of files will be generated in the RootRepeal window.
* Click on the Save Report button and save it as rootrepeal.txt to your desktop or the same location where you ran the tool from.
* Upload rootrepeal.txt to and post the download link in your next reply.
* Exit RootRepeal and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

Note: If RootRepeal cannot complete a scan and results in a crash report, try repeating the scan in "Safe Mode".

If I'm helping you and I don't reply within 24 hours send me a PM.


July 20, 2009 at 20:26:22
I was getting the following messages: "Could not read the boot sector. Try adjusting the disk access level in the options dialog." & then another rootrepeal error message saying "Could not read the system registry! Please contact the author!"

But there was no crash.

Here's the report I still received though:

Thanks again


July 20, 2009 at 20:39:33
Follow these Steps in order numbered. Don't proceed to next step unless you have successfully completed previous step:

1) Run this script in AVZ like before, your computer will reboot:

SearchRootkit(true, true);

2) After reboot execute following script in AVZ:


A file called should be created in C:\. Upload that file to and Private message me download link.

3) Follow these steps carefully and in order numbered:

1) Download The Avenger by Swandog46 from here.

2) Unzip/extract it to a folder on your desktop.

3) Double click on avenger.exe to run The Avenger.

4) Click OK.

5) Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.

6) Copy all of the text in the below code box to the clipboard by highlighting it and then pressing Ctrl+C.

Files to delete:

7) In the avenger window, click the Paste Script from Clipboard, button.

8) Click the Execute button.

9) You will be asked Are you sure you want to execute the current script?.

10) Click Yes.

11) You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.

12) Click Yes.

13) Your PC will now be rebooted.

Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.

14) After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).

15) Please upload this log to and post a download link to the uploaded file.

If I'm helping you and I don't reply within 24 hours send me a PM.


July 20, 2009 at 20:45:15
jdk (by neoark)
Obviously you are no Jabuck. He understood the rules of the forum and KNEW that HJT posts had to be requested by a qualified helper. When someone posted a HJT without a request, he would let the poster know. It is forum etiquette.

Some HELP in posting on plus free progs and instructions Cheers


July 20, 2009 at 21:19:33
Here's the avenger text:


July 21, 2009 at 05:26:58
yzarius: Redo Response Number 22 in normal mode. How is your computer running now?

XpUser4Real: Gotcha will keep that in mind.

If I'm helping you and I don't reply within 24 hours send me a PM.


July 21, 2009 at 15:15:42
The scan ran and finished normally.


July 21, 2009 at 15:34:24
Still need combofix log. The link you sent me is the wrong link.

If I'm helping you and I don't reply within 24 hours send me a PM.


July 21, 2009 at 16:02:27

right one?


July 21, 2009 at 16:05:07
How is your system running now? Seems like we got everything, just some cleaning up left to do. Follow Response Number 20. Then download and run ccleaner (temp and registry).

Uninstall Combofix by: pause Antivirus/Spyware programs ( Programs to disable) > Start > run > type combofix /u > ok.

If I'm helping you and I don't reply within 24 hours send me a PM.


July 21, 2009 at 20:09:52
Where can I find CCleaner?

The System seems to be running fine, google search is back to normal in Firefox and IE. And I didn't have to rename MalwareBytes, now I'm just waiting for the other scan to finish.

Thanks again.


July 22, 2009 at 04:23:32
Malwarebytes' Anti-Malware 1.39
Database version: 2476
Windows 6.0.6001 Service Pack 1

7/21/2009 10:53:29 PM
mbam-log-2009-07-21 (22-53-29).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 347595
Time elapsed: 3 hour(s), 29 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\od\Desktop\avenger.exe (Trojan.Agnet) -> Quarantined and deleted successfully.


July 22, 2009 at 04:23:47
SUPERAntiSpyware Scan Log

Generated 07/22/2009 at 00:30 AM

Application Version : 4.26.1006

Core Rules Database Version : 4010
Trace Rules Database Version: 1950

Scan type : Complete Scan
Total Scan Time : 01:22:50

Memory items scanned : 773
Memory threats detected : 0
Registry items scanned : 7799
Registry threats detected : 0
File items scanned : 27925
File threats detected : 82

Adware.Tracking Cookie


July 22, 2009 at 04:28:42
combofix is uninstalled.

Is it safe to uninstall anything else or install a new program for class?


July 22, 2009 at 05:25:10
Yes, you can delete everything else. Avenger was a false positive detection. You're clean :).

If I'm helping you and I don't reply within 24 hours send me a PM.


July 22, 2009 at 05:27:53
This was my first time using this site and it was very helpful.
Thanks again for everything!


August 8, 2009 at 08:47:45
I had this problem a long time ago. I fixed it with Windows Live OneCare. It's actually some kind of spyware or virus or Trojan. This Trojan is redirecting your page because it wants to download other viruses from the internet and infect the computer. It turns off Windows Defender and you can't turn it on. I had Trend Micro Internet Security 14, which could not even try to remove the Trojan. Somehow I got the info about it on Microsoft's website. They told me to download Windows Live OneCare. As soon as I finished installing it, it said there is a Trojan in your computer. It deleted about 25 Trojans off my computer. Now it works fine. I will put the link about it if I find it.


August 8, 2009 at 08:50:13
If it does not work, try deleting all the cookies every time you search something on Google.


August 8, 2009 at 09:00:10
I got the link of the Trojan from Windows Defender. If it finds something, you can get more information about it.


August 8, 2009 at 09:17:50
I just remembered that the virus was called win32 or something
