Virus Alert on Taskbar

Hp compaq laptop / NA
January 20, 2009 at 10:56:21
Specs: Windows XP, NA
Not sure if my message went through or not, but I have a problem removing the virus alert message from my taskbar. Everything started off with clicking a fake site for a free virus scan, then the guy who I brought the laptop installed Panda, which caused me to have more viruses. I was able (I think) to remove Panda, but not the message from the taskbar. Can anyone help me?
I don't know my CPU or RAM info or even the model, but I will get back to you on that tonight or tomorrow, but at least a YES can help me save memories and important software (Microsoft Office and Adobe Suite) for my business.

Thanks


#1
January 20, 2009 at 17:26:14
Please download Malwarebytes' Anti-Malware from one of these sites:

MalwareBytes1

MalwareBytes2

Rename the setup file, mbam-setup.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, in the filename box rename mbam-setup.exe to tool.exe > click save.

1. Double Click tool.exe to install the application.
2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, it will download and install the latest version.
4. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure that everything found is checked, and click Remove Selected.
7. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
9. Copy & paste the entire report in your next reply.


Please download and install the latest version of HijackThis v2.0.2:


Download the "HijackThis" Installer from this link:
Hijack This

Rename the setup file, HJTInstall.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, in the filename box rename HJTInstall.exe to tools.exe > click save.
1. Save "tools.exe" to your desktop.
2. Double click on tools.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.



#2
January 21, 2009 at 04:54:29
Hey Jabuck

Thanks for getting back to me, I really appreciate it very much.
Questions for you: Can I save those files onto an external hard drive so I can fix the problem? Should I follow your instructions in safe mode or normal mode? Can you let me know?

Thanks



#3
January 21, 2009 at 14:03:25
Yes, you can download Malwarebytes to an external drive. Run it from normal mode.


#4
January 23, 2009 at 04:51:58
Hey Jabuck

What is the easiest way to paste your HJT log here without asking for expert permission or something?
Can you let me know?

Thanks



#5
January 23, 2009 at 04:53:55
Let me see if it works

Logfile of Trend Micro HijackThis v2.0.2


This should be the newest version.
Platform: Windows XP SP2 (WinNT 5.01.2600)


MSIE: Internet Explorer v7.00 (7.00.6000.16640)


This should be the newest version.

Boot mode: Normal

Safe
This entry was classified from our visitors as good.

C:\WINDOWS\System32\smss.exe

Very safe

This entry was classified from our visitors as good.

C:\WINDOWS\system32\winlogon.exe

Very safe

This entry was classified from our visitors as good.

C:\WINDOWS\system32\services.exe

Safe

This entry was classified from our visitors as good.

C:\WINDOWS\system32\lsass.exe

Very safe

This entry was classified from our visitors as good.

C:\WINDOWS\system32\Ati2evxx.exe

Very safe

This entry was classified from our visitors as good.

C:\WINDOWS\system32\svchost.exe

Safe

This entry was classified from our visitors as good.

C:\WINDOWS\system32\svchost.exe

Safe

This entry was classified from our visitors as good.

C:\WINDOWS\system32\svchost.exe

Safe

This entry was classified from our visitors as good.

C:\WINDOWS\system32\spoolsv.exe

Safe

This entry was classified from our visitors as good.

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

Very safe
Safe (4.55 / 5.00)

C:\WINDOWS\system32\svchost.exe

Safe

This entry was classified from our visitors as good.

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

Very safe
Safe (4.78 / 5.00)

C:\PROGRA~1\AVG\AVG8\avgemc.exe

Very safe

Possibly nasty! According to our database this process runs normally in c:\programme\grisoft\.*\! Check if you know this process and arrange a viruscheck where required. This entry was classified from our visitors as good.

C:\WINDOWS\Explorer.EXE

Very safe

This entry was classified from our visitors as good.

C:\PROGRA~1\AVG\AVG8\avgtray.exe

Safe
Safe (4.67 / 5.00)

C:\WINDOWS\system32\ctfmon.exe

Very safe

This entry was classified from our visitors as good.

C:\Documents and Settings\Owner\Desktop\tools.exe

Neutral (3.35 / 5.00)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

Safe
This page has been identified as safe.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie...

This page has been identified as safe.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie... search/search.html

This page has been identified as safe.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie...

This page has been identified as safe.

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

Nasty
Nasty (2.23 / 5.00)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

Safe
This entry was classified from our visitors as good.

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie...

Safe
This page has been identified as safe.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

Safe
This entry was classified from our visitors as good.

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

This entry has been identified as safe.

R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (file missing)

Neutral (3.39 / 5.00)

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

Ycomp*_*_*_*.dll - Yahoo Companion!, Yahoo Companion!

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

Safe
LinkScannerIE.dll - LinkScanner, http://linkscanner.explabs.com/link... er/default.asp

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

SBC Yahoo! Browser related

O2 - BHO: (no name) - {632E77F5-14E3-4573-ADE8-697D0F11BBB7} - (no file)

Unknown application.
Unnecessary (deactivated) entry that can be fixed.

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

Very safe
SUN Java

O2 - BHO: (no name) - {812AE34E-162C-4C94-BAA1-A2C0431AEC84} - (no file)

Unknown application.
Unnecessary (deactivated) entry that can be fixed.

O2 - BHO: (no name) - {e2c8f0f5-2baf-4294-a884-883dd87fea89} - (no file)

Unknown application.
Unnecessary (deactivated) entry that can be fixed.

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

Neutral
Neutral (3.45 / 5.00)

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

Very safe
AcroIEFavClient.dll - Adobe Acrobat, http://www.adobe.com/products/acrob... /main.html

O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (file missing)


Unnecessary (deactivated) entry that can be fixed. mgToolbarIE.dll - SweetIM, http://www.sweetim.com/

O3 - Toolbar: (no name) - {3FCAEB7D-F8AE-4A67-AE6C-57EE1416BB6D} - (no file)

Unknown application.
Unnecessary (deactivated) entry that can be fixed.

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

Very safe
Ycomp*_*_*_*.dll - Yahoo Companion!, http://companion.yahoo.com/

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

Very safe
Unknown application. This entry was classified from our visitors as good.

O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

Safe (4.41 / 5.00)

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

Safe
This entry was classified from our visitors as good.

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

Safe
To be fixed if not done intentionally. This entry was classified from our visitors as good.

O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

The entry Append to existing PDF has been identified as safe.

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

The entry Convert link target to Adobe PDF has been identified as safe.

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

The entry Convert link target to existing PDF has been identified as safe.

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

The entry Convert selected links to Adobe PDF has been identified as safe.

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

The entry Convert selected links to existing PDF has been identified as safe.

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

The entry Convert selection to Adobe PDF has been identified as safe.

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

The entry Convert selection to existing PDF has been identified as safe.

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

The entry Convert to Adobe PDF has been identified as safe.

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

Very safe
The entry E&xport to Microsoft Excel has been identified as safe.

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

The entry has been identified as safe.

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

The entry Sun Java Console has been identified as safe.

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

The entry Send to OneNote has been identified as safe.

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

The entry S&end to OneNote has been identified as safe.

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

Very safe
The entry Yahoo! Services has been identified as safe.

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

Very safe
The entry Research has been identified as safe.

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

Safe
This entry was classified from our visitors as good.

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

Safe
This entry was classified from our visitors as good.

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

Safe
This entry was classified from our visitors as good.

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

Safe
This entry was classified from our visitors as good.

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

Safe
Check if you know this site and fix it if you do not. Unknown ActiveX-Objects, or ActiveX-Objects from unknown sites should always be fixed. If the name of the ActiveX-Object or the URL contains the words 'dialer', 'casino', 'free plugin' etc, it should be fixed!

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win... site.cab?1207794082581

This entry has been identified as safe.

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

Very safe
Check if you know this site and fix it if you do not. This entry was classified from our visitors as good.

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD42/JSCDL... ?AuthParam=1212344398_b2b0393c6f86bb47b54402635a75f1a6&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD42/JSCDL/jre/6u6-b90/jinstall-6u6-windows-i586-jc.cab&File=jinstall-6u6-windows-i586-jc.cab

This entry has been identified as safe.

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

Safe
This entry has been identified as safe. This entry was classified from our visitors as good.

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

Safe
This entry was classified from our visitors as good.

O20 - AppInit_DLLs: qwjcle.dll,frozlr.dll,avgrsstx.dll



O20 - Winlogon Notify: ljJYQJDU - ljJYQJDU.dll (file missing)

Unnecessary (deactivated) entry that can be fixed.

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

Very safe
This service (Ati2evxx.exe) was identified as a good one.

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

This service (avgemc.exe) was identified as a good one.

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

Very safe
Unknown service. (avgwdsvc.exe) This entry was classified from our visitors as good.

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

Very safe
This service (AAWService.exe) was identified as a good one.

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

Safe
This service (SrvLnch.exe) was identified as a good one.

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe



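A small triage helper for a log like the one posted above, added here as an example (it is not part of the thread and not HijackThis's own code): it separates real entry lines from the analyzer ratings pasted between them and lists the entries to look at by hand first. The review rules are assumptions of this example and are not verdicts on any file.

```python
import re

# Five entries copied from the HijackThis log in the post above, plus two of
# the analyzer rating lines that were pasted in between the entries.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {632E77F5-14E3-4573-ADE8-697D0F11BBB7} - (no file)
Unknown application.
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
Safe
O20 - AppInit_DLLs: qwjcle.dll,frozlr.dll,avgrsstx.dll
O20 - Winlogon Notify: ljJYQJDU - ljJYQJDU.dll (file missing)
"""

# A HijackThis entry starts with a section code (R0, O2, O20, ...) and " - ".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse(log_text):
    """Return (section, detail) pairs; rating/commentary lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def review_reasons(section, detail):
    """Example rules (assumptions): reasons to inspect an entry manually."""
    reasons = []
    if "(file missing)" in detail or "(no file)" in detail:
        reasons.append("registry entry points at a file that is not on disk")
    if section == "O20" and detail.startswith("AppInit_DLLs:"):
        dlls = [d for d in re.split(r"[ ,]+", detail.split(":", 1)[1]) if d]
        # AppInit_DLLs are loaded into every process that loads user32.dll.
        reasons.append("loaded into every user32 process: " + ", ".join(dlls))
    if section == "O20" and detail.startswith("Winlogon Notify:"):
        reasons.append("DLL registered to be loaded by winlogon.exe")
    return reasons

def triage(log_text):
    """Return (section, detail, reasons) for entries with at least one reason."""
    flagged = []
    for section, detail in parse(log_text):
        reasons = review_reasons(section, detail)
        if reasons:
            flagged.append((section, detail, reasons))
    return flagged

if __name__ == "__main__":
    for section, detail, reasons in triage(SAMPLE_LOG):
        print(f"{section}: {detail}\n    review: {'; '.join(reasons)}")
```

A flagged line only means "check this one first"; whether to fix it is still decided per entry, which is the point of step 9 in the instructions above.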

