Bubble Warnings, Red Desktop, IE Window Opens etc....

• If you can't follow my instructions because they don't make sense, then ask for clarification.If you can't follow them because what I am asking you to do can't be done, then let me know.
  If for some other reason there is a problem with the instructions, just let me know, and we will deal with them.

• Getting rid of the malware that already is on your computer.Get the tools and learn how to use them.
  Then there is attitude. You need to make sure you use the tools regularly, and your surfing habits don't leave you open to malware.

First, just to let you know fixing this may take several days, it may seem like we are not going anywhere, but first we have to gather information before we can get to removing the problem. Go to your copy of Hijackthis and rename hijackthis.exe to analyser.exe. There is some malware that can hide from hijackthis.exe. Please download Combofix from here: http://download.bleepingcomputer.com/sUBs/combofix.exe Or http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe ** Take note that the links are case sensitive Save ComboFix to the desktop. 1. Double click on combo.exe & follow the prompts. 2. When finished, it will produce a logfile located at C:\ComboFix.txt. 3. Post the contents of that log in your next reply with all other logs requested. Note: Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang. Do not proceed with the rest of the fix if you fail to run combofix ** ComboFix will not run in Safemode. Please download SmitfraudFix (by S!Ri) to your Desktop.

 _____________________________

Download : Download AVG Anti-Spyware 7.5 and save that file to your desktop. This is a 30 day trial of the program

1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
2. Select Change state" to inactivate 'Resident Shield' and 'Automatic Updates'
3. Right click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".
4. Go to Start > Run and type: services.msc
5. Press "OK".
6. In Services, click the "Extended tab" and scroll down the list to find AVG anti-spyware 7.5 guard.
7. When you find the guard service, double-click on it.
8. In the Properties Window > General Tab that opens, click the "Stop" button.
9. From the drop-down menu next to "Startup Type", click on "Manual".
10. Now click "Apply", then "OK" and close the Services window.
11. Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
12. On the main screen select the icon "Update" then select the "Update now" link.
13. Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
14. If you are having problems with the updater, manually update with the AVG Anti-Spyware Full database installer from here.
15. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
16. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
17. Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
    Close AVG Anti-Spyware, Do Not run a scan just yet. We will shortly.

______________________________

Double-click smitfraudfix.exe Select option #1 - Search by typing 1 and press Enter This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply. Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. http://www.beyondlogic.org/consulting/processutil/processutil.htm IMPORTANT: Do NOT run any other options until you are asked to do so! Now give me a new hijackthis log using the renamed analyser.exe. So your next post will have the log from Combofix, Smitfraud and hijackthis.

• Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program. 
  
• Select “Change state" to inactivate 'Resident Shield' and 'Automatic Updates' 
  
• Right click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows". 
  
• Go to Start > Run and type: services.msc 
  
• Press "OK". 
  
• In Services, click the "Extended tab" and scroll down the list to find AVG anti-spyware 7.5 guard. 
  
• When you find the guard service, double-click on it. 
  
• In the Properties Window > General Tab that opens, click the "Stop" button. 
  
• From the drop-down menu next to "Startup Type", click on "Manual". 
  
• Now click "Apply", then "OK" and close the Services window.

Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

Reboot your computer in Safe Mode.

• 
  
• If the computer is running, shut down Windows, and then turn off the power.
  
• Wait 30 seconds, and then turn the computer on.
  
• Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  
• Ensure that the Safe Mode option is selected.
  
• Press Enter. The computer then begins to start in Safe mode.
  
• Login on your usual account.

_____________________________
Once in Safe Mode, double-click the SmitfraudFix.exe again.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If it is infected and a clean version is found, you will be prompted to replace the infected wininet.dll with the clean file. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.
A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. Reboot in Safe Mode.
The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
______________________________
Clean out your Temporary Internet files. Proceed like this:

• 
  
• Quit Internet Explorer and quit any instances of Windows Explorer.
  
• Click Start, click Control Panel, and then double-click Internet Options.
  
• On the General tab, click Delete Files under Temporary Internet Files.
  
• In the Delete Files dialog box, tick the Delete all offline content check box , and then click OK.
  
• On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
  
• Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
  
• Click OK.

Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.
Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin
_____________________________
Close ALL open Windows / Programs / Folders. Close ALL open Windows / Programs / Folders.

• 
  
• While in Safe Mode, Scan with AVG Anti-Spyware as follows:
  1. Launch AVG Anti-Spyware, click on the "Scanner" button and choose the "Settings" tab.
  • 
    
  • Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
    
  • Under "How to Scan?" check all (default).
    
  • Under "Possibly unwanted software" check all (default).
    
  • Under "What to Scan?" make sure "Scan every file" is selected (default).
    
  • Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".
  2. Click the "Scan" tab to return to scanning options.
  3. Click "Complete System Scan" to start.
  4. When the scan has finished you will be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.
  IMPORTANT! Do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button?
  5. Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
  6. Exit AVG Anti-Spyware when done, reboot your system back into Normal Mode.

Also I have a question, did someone else have you run RogueRemover?