Some horrible nasty virus/trojans/malware etc.

  #21  
Old 11-18-2008
TechSpot Member
 
Member since: Oct 2007, 53 posts
ok did option 2 with selective start up.. i got the system config thing when i restarted basically saying i had turned it off.



and bobbye its what downloaded on the link in your last post this one Download and run this: RogueRemover: http://www.majorgeeks.com/RogueRemover_d5360.html
  #22  
Old 11-18-2008
TechSpot Member
 
Member since: Oct 2007, 53 posts
will smitfraud do anything.. i know last time i had a virus and was here (over a year ago) it said to use smitfraud but i dont remember how to do it really.
  #23  
Old 11-18-2008
TechSpot Addict
 
Location: Illinois, USA
Member since: Feb 2007, 931 posts
Ah-ha. I witnessed your confusion.

The offer to download Registry Mechanic sits on your computer while the link to the requested program spins for a while. Eventually (without popup blocker enabled) you finally are offered the dialog box to run/save..

Popup blocker can be turned off temporarily or just for the D/L by clicking at the top of the browser (depending on toolbars & such)

Hope this helps
  #24  
Old 11-18-2008
TechSpot Member
 
Member since: Oct 2007, 53 posts
ok thanks.. so i can delete the registry mechanics then i'll install and upload the new log sorry about that...
  #25  
Old 11-18-2008
TechSpot Member
 
Member since: Oct 2007, 53 posts
when i tried to check it for updates it said,
"an Error occured in function UpdateExists (2)
Could Not create a handle to update the file. Please Report this Error to the RogueRemover Team"

so i ran the scan without the update and it claims its clean. that rogue remover didnt detect any items... but i still have the little warning thing.
  #26  
Old 11-18-2008
TechSpot Member
 
Member since: Oct 2007, 53 posts
I Believe I got it. well part of it. on another site i saw that someone found these files that do not belong

"qttask.exe
hpmon.exe
qttaskm.exe
hpmom.exe
Run a search on your computers for these 4 files and delete them. After I did this I no longer received the pop-ups."

when i searched all of mine were in the same folder, it was called Web Media Viewer so i deleted them, I turned my internet off and ran the computer in safe mode and then deleted them because it wouldnt delete them any other way. After I did this i stopped receiving pop ups. I'm going to do another scan with SAS and see what it says.

My only problem is i keep getting page load errors for mozilla firefox now. any ideas? It was loading fine on Saturday up until i started getting the random flashing yellow triangle and exclamation mark but still isn't working. any ideas? I've even tried updating it. maybe the scan with sas will show something.
  #27  
Old 11-18-2008
Bobbye's Avatar
Helper on the Fringe
 
Location: Florida
Member since: Mar 2007, 15,043 posts
Quote:
ok did option 2 with selective start up.. i got the system config thing when i restarted basically saying i had turned it off.
This was covered but I don't think you understood it: When you choose Selective Startup and make changes on the Startup menu, Windows considers this as a diagnostic procedure only. So you get a nag message to this effect when you reboot. Ignore the nag message> close the nag message after checking 'don't show this message again'. STAY in Selective Startup. IF you go back into Normal Mode, none of the changes you made will be kept and the Startup will revert right back to the way it was.

I always warn people about this message, because it will always come up if changes are made. Staying in Selective Startup is OKAY- I've had my systems in it since the first day!

IS this what you were referring to?
  #28  
Old 11-18-2008
TechSpot Member
 
Member since: Oct 2007, 53 posts
nevermind got firefox to work.. now running sas.
  #29  
Old 11-18-2008
TechSpot Member
 
Member since: Oct 2007, 53 posts
ok so its fine to just keep doing the little x on it and stuff..
but will my antivirus and stuff run on its own still, i'm thinking i'll have to go in and manually turn it on when i want it on right?
  #30  
Old 11-18-2008
TechSpot Addict
 
Location: Illinois, USA
Member since: Feb 2007, 931 posts
Sorry for making a call on this - Follow Bobbye.

Quote:
Good find.

In the near term, MBAM scan quick mode saves time. Complete scan goes down to the file/folder level.

Update MBAM & SAS (this may still be a sticky point)

Post the 3 logs. Describe your progress & restate symptoms, as scans may change things.

Last edited by rf6647; 11-18-2008 at 07:23 PM.. Reason: Return to follow Bobbye's lead
  #31  
Old 11-18-2008
TechSpot Member
 
Member since: Oct 2007, 53 posts
i ran both SAS and MBAM and they all came up clean! no problems at all.. yay!!

do you still need to see the logs? i can attach them if needs be.

the trick for me was deleting those file it was in the web media viewer folder inside the program files folder on the C drive. I think its when We tried to watch an episode of The Office online from a site that wasnt the networks website.
  #32  
Old 11-18-2008
Bobbye's Avatar
Helper on the Fringe
 
Location: Florida
Member since: Mar 2007, 15,043 posts
Quote:
on another site i saw that someone found these files that do not belong
See this site re: Virus Trigger:
http://www.bleepingcomputer.com/malw...e-virustrigger

Associated VirusTrigger Files:
Quote:
c:\Program Files\WebMediaViewer\hpmom.exe
c:\Program Files\WebMediaViewer\hpmon.exe
c:\Program Files\WebMediaViewer\qttask.exe
c:\Program Files\WebMediaViewer\qttaskm.exe
You will understand then that simply deleting a file is not sufficient. Also this was removed in Malwarebytes. See the Mbam log in Post 1.
  #33  
Old 11-18-2008
TechSpot Member
 
Member since: Oct 2007, 53 posts
ok so what if in the add or remove programs there is no virus trigger 2.1? There hasn't ever been one and I never got the pop up screen that started scanning like the one they showed.


when I run the MBAM it said there were no objects found. same with the SAS so does that mean they are gone or no? I can post the logs..
  #34  
Old 11-18-2008
TechSpot Member
 
Member since: Oct 2007, 53 posts
also all of those ones were still in the folder when i deleted them. so maybe its still infected.. but i'm getting no pop ups or anything of the sort. and the computer is back to running up to speed.
  #35  
Old 11-19-2008
Bobbye's Avatar
Helper on the Fringe
 
Location: Florida
Member since: Mar 2007, 15,043 posts
Let's try and pull this back together. You need to focus so we can determine what is happening now. Please give me your current system status:

1. Pop-ups: are you getting any? For what? Do you use a pop-up stopper?
"but i'm getting no pop ups or anything of the sort. and the computer is back to running up to speed."
So the pop-up problem has been resolved?
2. You were told in Post #6 to have Hijack remove the WebMediaViewer. Did you do it?
3. "getting a pop up down on the icon tray with an exclamation mark in a yellow triangle..." Technically this icon indicates an error somewhere.
4. "the little bubble that pops up saying security alert spyware found....."it wants me to download ultimate antivirus 2008 too". Are you still seeing this- separate from the yellow triangle?
5. "said something like IE internet securities and then something else under it cant remember now its gone." The only way we can help with this is if you give us the error message.

Please address these questions specifically. Then we can determine what-if anything-still needs to be resolved. Please don't download or install anything new until we get this worked out, including any new security programs or cleaners.
  #36  
Old 11-19-2008
TechSpot Member
 
Member since: Oct 2007, 53 posts
Sorry for being such a pain.. Thanks for being so patient with me. I put my answers in bold so its easier to see them.

1. Pop-ups: are you getting any? For what? Do you use a pop-up stopper?
No I'm not getting any pop ups. the ones I WAS getting were going through the pop up blocker. But now i'm getting NO pop ups.
So the pop-up problem has been resolved? Yes
2. You were told in Post #6 to have Hijack remove the WebMediaViewer. Did you do it?
Yes
3. "getting a pop up down on the icon tray with an exclamation mark in a yellow triangle..." It was a flashing yellow triangle its gone now, when I looked in the WebMediaViewer Folder, it was the icon for that.
4. "the little bubble that pops up saying security alert spyware found....."it wants me to download ultimate antivirus 2008 too". Are you still seeing this- separate from the yellow triangle? No, it was with the yellow flashing triangle, but its not happening any more
5. "said something like IE internet securities and then something else under it cant remember now its gone." The only way we can help with this is if you give us the error message, This is now gone too. They were icons they put on my desktop, they were in the webmediaviewer folder too.
  #37  
Old 11-19-2008
TechSpot Member
 
Member since: Oct 2007, 53 posts
one thing I have noticed is when I use the search box next to the web address bar on both firefox and IE it takes me to my results but its not google it looks just like google but very basic, I can take a screen shot if you'd like. If i click it a second time it takes me to google.
But it doesn't do it every time. Like just now i did it and it took me to that one, and now its taking me to google no matter what i put in for the search.
  #38  
Old 11-19-2008
Bobbye's Avatar
Helper on the Fringe
 
Location: Florida
Member since: Mar 2007, 15,043 posts
It sounds like the problems you started this thread with have been resolved. The purpose of this thread was to clean up the malware. That has been done.

Time to remove the cleaning tools:
Quote:
* Download OTCleanIt (http://download.bleepingcomputer.com.../OTCleanIt.exe)
* Click the CleanUp! button.
* It will go through the list and remove all of the tools it finds and then delete itself (requiring a reboot).
Clear your existing System Restore points and establish a new clean restore point:
Quote:
Go to Start > All Programs > Accessories > System Tools > System Restore> Select Create a restore point> OK.
Next, go to Start > Run and type in cleanmgr> Select the More options tab> Choose the option to clean up System Restore and OK it.
This will remove all restore points except the new one you just created.
If you are experiencing a different problem, non-malware related, please post a separate thread describing the problem in either the 'Windows OS' or 'Software & Utilities' forums.
  #39  
Old 11-19-2008
Blind Dragon's Avatar
TechSpot Evangelist
 
Location: Tampa FL
Member since: Oct 2007, 4,048 posts
wait...

I wanna see something to be sure before they clean up the tools
====================================

Run Smitfraudfix
  • Download Smitfraudfix by S!ri from HERE
  • Double-click SmitfraudFix.exe
  • Select 1 and hit Enter
  • The report can be found at the root of the system drive, usually at C:\rapport.txt

=====================================

Run Kaspersky Online AV Scanner

In order to use it you have to use Internet Explorer.
Go to Kaspersky and click the Accept button at the end of the page.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.
  • Read the Requirements and limitations before you click Accept.
  • Allow the ActiveX download if necessary.
  • Once the database has downloaded, click Next.
  • Click on "My Computer"
  • When the scan has completed, click Save Report As...
  • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
  • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
Attach the report into your next reply

Attach Here:
1) rapport.txt
2) kaspersky log
  #40  
Old 11-19-2008
TechSpot Member
 
Member since: Oct 2007, 53 posts
I think something isnt right when I go to run SmitFraud once it loads i get a RED screen and it says.

IEDF.exe file Missing!


then it says press any key to continue and when i do it closes the box and i wait and wait and nothing happens. I've tried it 3 or 4 times now.