Can't do anything. Tried to run AVG antivirus and it did nothing, and ran ComboFix, SDFix, and SmitFraudFix. Maybe I am doing them wrong, because I am still getting the same problem and my Windows ID says virus alert; I keep getting all these virus infection pop-ups. Need help ASAP. I go to school online and can't submit any homework.

Please take a print screen of the following.

When the popups arise, open Task Manager.
Click the Processes tab.

Click the username heading to arrange the processes.
If you have to stretch the Task Manager to show all of the processes running under your username, that's OK.

Then take a print screen.
Upload it to Photobucket and post the link here for me to see.
Thanks

We'll get this problem fixed.

Task Manager says "Task Manager has been disabled by your administrator."

Do you have the logs of these programs you have run? If so, post them here please.
Judy

I saved the other files but can't find them. This was the last program I ran.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:57: VIRUS ALERT!, on 9/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20861)
Boot mode: Normal

Running processes:
D:\WINDOWS.1\System32\smss.exe
D:\WINDOWS.1\system32\winlogon.exe
D:\WINDOWS.1\system32\services.exe
D:\WINDOWS.1\system32\lsass.exe
D:\WINDOWS.1\system32\svchost.exe
D:\WINDOWS.1\System32\svchost.exe
D:\WINDOWS.1\system32\spoolsv.exe
D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
D:\PROGRA~1\AVG\AVG8\avgfws8.exe
D:\WINDOWS.1\system32\nvsvc32.exe
D:\WINDOWS.1\system32\svchost.exe
D:\WINDOWS.1\Explorer.EXE
D:\PROGRA~1\AVG\AVG8\avgam.exe
D:\PROGRA~1\AVG\AVG8\avgrsx.exe
D:\PROGRA~1\AVG\AVG8\avgnsx.exe
D:\Program Files\LClock\LClock.exe
D:\Program Files\Unlocker\UnlockerAssistant.exe
D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
D:\WINDOWS.1\system32\RUNDLL32.EXE
D:\WINDOWS.1\system32\rundll32.exe
D:\WINDOWS.1\SOUNDMAN.EXE
D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\WINDOWS.1\system32\WgaTray.exe
D:\WINDOWS.1\ALCWZRD.EXE
D:\WINDOWS.1\MICROI~1\PS2USBKbdDrv.exe
D:\PROGRA~1\AVG\AVG8\avgtray.exe
D:\Program Files\Windows Sidebar\sidebar.exe
D:\WINDOWS.1\system32\ctfmon.exe
D:\Program Files\DNA\btdna.exe
D:\Program Files\Styler\Styler.exe
D:\Program Files\Windows Sidebar\sidebar.exe
D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\PROGRA~1\AVG\AVG8\aAvgApi.exe
D:\WINDOWS.1\system32\wuauclt.exe
D:\Program Files\Windows Media Player\setup_wm.exe
D:\WINDOWS.1\system32\wuauclt.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - D:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: QXK Olive - {FAE4014F-F726-4FFC-B9C4-952A1A747E47} - D:\WINDOWS.1\vmgspntbtlp.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - D:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: fqbewlna - {EB6ABD3D-F2E7-4807-B9B6-F62AE3021A17} - D:\WINDOWS.1\fqbewlna.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [LClock] D:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "D:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS.1\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS.1\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [PS2USBDRV] D:\WINDOWS.1\MICROI~1\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 8888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888SOFTWARE\Microsoft\Windows\CurrentVersion\Run
O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Sidebar] D:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS.1\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "D:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 8888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888SOFTWARE\Microsoft\Windows\CurrentVersion\Run
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Styler.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://D:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://D:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://D:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://D:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/vwhpro/EN/install/gtdownlr.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O21 - SSODL: dtseqrxk - {5BB9A3AE-A515-462E-A0FA-4A56964DA836} - D:\WINDOWS.1\dtseqrxk.dll
O21 - SSODL: mgxfebsq - {E5E28182-87C2-4CE1-9CE7-EBFDF747E841} - D:\WINDOWS.1\mgxfebsq.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - D:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - D:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS.1\system32\nvsvc32.exe

--
End of file - 12080 bytes
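
A triage pass over a HijackThis log like the one posted above, as an added example that is not part of the original thread or of HijackThis itself: it flags the policy lockout entries (O6/O7) and any BHO, toolbar or SSODL module that sits directly in the Windows folder. The function names and the "Windows root" heuristic are assumptions of this example; a flagged line is a reason to look closer, not a verdict.

```python
import re

# Constructed sample: a handful of lines copied verbatim from the log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: QXK Olive - {FAE4014F-F726-4FFC-B9C4-952A1A747E47} - D:\WINDOWS.1\vmgspntbtlp.dll
O3 - Toolbar: fqbewlna - {EB6ABD3D-F2E7-4807-B9B6-F62AE3021A17} - D:\WINDOWS.1\fqbewlna.dll
O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O21 - SSODL: dtseqrxk - {5BB9A3AE-A515-462E-A0FA-4A56964DA836} - D:\WINDOWS.1\dtseqrxk.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS.1\system32\nvsvc32.exe
"""

# An entry line starts with a section code such as "R0", "O4" or "O21", then " - ".
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# A DLL sitting directly in the Windows folder (e.g. D:\WINDOWS.1\x.dll),
# not in system32 or any other subfolder. Heuristic assumed by this example.
WINROOT_DLL = re.compile(r"^[A-Za-z]:\\WINDOWS[^\\]*\\[^\\]+\.dll$", re.IGNORECASE)

LOADER_SECTIONS = {"O2", "O3", "O21"}  # BHOs, IE toolbars, ShellServiceObjectDelayLoad
POLICY_SECTIONS = {"O6", "O7"}         # IE options / regedit restricted by policy


def parse(log_text):
    """Yield (section, body) per entry line; header and process-list lines are skipped."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group("section"), m.group("body")


def triage(log_text):
    """Return (section, reason, detail) tuples for entries worth a closer look."""
    findings = []
    for section, body in parse(log_text):
        if section in POLICY_SECTIONS:
            findings.append((section, "policy restriction set", body))
        elif section in LOADER_SECTIONS:
            # The module path is the last " - "-separated field of the entry.
            module = body.rsplit(" - ", 1)[-1].strip()
            if WINROOT_DLL.match(module):
                findings.append((section, "DLL loaded from Windows root", module))
    return findings


if __name__ == "__main__":
    for section, reason, detail in triage(SAMPLE_LOG):
        print(f"{section:<4}{reason:<30}{detail}")
```
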

Combofix log should be located in C:\ComboFix.txt.
Look there.

Just had the same issue with a client PC. It is spyware and adware. Running Spybot and antivirus software removed some of the problems; my Control Panel came back, as did msconfig, but the error was still there. I had to manually remove the virus alert warning from the registry, where it had attached the warning to the time format. I removed all the problems, tested the machine, and returned it to the client. He managed to get the errors back. Looks like a full format and re-install of the OS :(

Don't you believe it. In only a small minority is it the case where things have gotten bad enough that one needs to reformat.
There are tools around that can completely remove this infection.

I totally agree crunchie. In fact my feeling is much of the time a reformat becomes necessary it isn't the malware or infection that finally makes it necessary but too much "playing around" with either the wrong tools or some "off the wall" registry "fixer" program.
This appears to be a variant of VideoAccessCodec adware.
SDFix is certainly worth a try here.
SDFix Instructions from Bleeping Computer:

1. Please print these instructions as they will be needed later when Internet access is not available.

2. Logon to your computer with an account that has Administrator privileges.

3. Download SDFix.exe and save it to your desktop.
Confirm that the file SDFix.exe now resides on your desktop, but do not double-click on the icon as of yet. We will use it in later steps.

4. Now, double-click on the SDFix icon that should now be residing on your desktop. If an Open File - Security Warning box opens, click on the Run button.

5. A window will open asking where you would like to install SDFix to. Do not change anything and press the Install button. This will install the program into the default location of C:\SDFix. At this point, you should not run SDFix, but instead continue to the next step where you will reboot into safe mode.

6. Next, please reboot your computer into Safe Mode by doing the following:

   1. Restart your computer.

   2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.

   3. Instead of Windows loading as normal, a menu should appear.

   4. Select the first option, to run Windows in Safe Mode.

   5. When you are at the logon prompt, log in as the same user that you had performed the previous steps as.

7. When your computer has started in safe mode, and you see the desktop, close all open windows.

8. Click on the Start button, click on the Run menu option, and type the following into the Open: field:

C:\SDFix\RunThis.bat

Then press the OK button.

9. The SDFix window will open containing some brief info and a disclaimer on the use of the tool.
If you want to continue, please press the Y key on your keyboard and then press enter.

10. SDFix will now start scanning your computer for known infections
This process can take a while, so you may want to do something else and periodically check back on the status of SDFix. As the scanning process continues you will continue to see new messages on the screen.

11. When the scanning process has finished you will see a new screen stating that you need to restart your computer in order to continue.
At this point you should press any key on your computer's keyboard in order to restart the computer.

12. When your computer reboots, you will be presented with a screen stating that SDFix has finished.
At this point you should press any key on your computer's keyboard in order to continue to your desktop.

13. When you are back at your Windows desktop, the SDFix log will automatically be opened in Notepad.
Save that log and post back here with it along with a new HJT scan completed AFTER the running of the SDFix.
Judy

Have you still got the VIRUS ALERT! infection? I've successfully removed it from a couple of laptops, so if you need any help let me know.

To remove this type of infection I usually just run these main tools: CounterSpy (trialware; remove when finished), Spybot S&D (freeware), Ad-Aware SE Personal, and Malwarebytes.
These in combination have usually resolved the problem... Sometimes there are rootkits and other nasty registry-based infections that cannot be removed in a conventional manner, and that is what the specialized tools are for.
Fake alerts like this are very annoying, and sometimes I get disgusted by them and throw in the towel and perform a full OSRI.
Best of luck to you.

This virus doesn't delete with normal programs like HijackThis or Malwarebytes or anything; you have to manually DELETE this file in your C: drive. I deleted it on 1 login on my laptop and it's fine; the other one is still infected. It's hard to get to the C:, so I hope you have a folder or a shortcut on your desktop you can use to access your HD. Trying to find exactly what I did, then I could post it. But no, you do not need a reformat. Good luck.

This thread is 4 months old. Original poster never returned. We don't know WHAT for certain the infection was so offering solutions on an unknown infection really isn't that helpful.
It is recommended here that persons begin HERE and follow all instructions and then post all the requested logs including a HijackThis log, with the scan done AFTER all other steps have been completed.

I have requested that Crunchie close the thread.

Cohen
