Read this topic before posting a log.
DO NOT post a ComboFix log unless requested to.
Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.
When posting a log please put the type of infection you have in the topic title, e.g. Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.
Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
Post #1, May 27 2009, 04:54 PM
Baybadoll, Member (Group: Members; Posts: 35; Joined: 23-May 09; From: Illinois; Member No.: 334,982)
I have a Trojan Horse FakeAlert.KH, which AVG has removed 3 times now, that keeps coming back. I have a recycler virus also (don't know which one since it's hidden), which is on my partitioned drive (D: and E:), my external drive, and my jump drive, and I can't get rid of it - AVG doesn't even find it. Computer drives: Partitioned [C: NTFS, D: FAT32, E: FAT32]; Other Internal [H: NTFS]; External [J: FAT32]; Jump [I: FAT32].

My internet browser keeps getting redirected. I'm getting multiple warning messages of: 'Are you sure you want to navigate away from this page?' when my browser isn't even open. The screen has frozen completely a few times now - and I had to restart. Random websites pop up, random music plays, and random people speak - when no browser is open. Often it says something like, "Congratulations, you won". I can't get my DVD burner [G:] to work - Nero doesn't even find it. I can't defragment two of my drives, C: and H:. AVG says I'm clean and then the next day FakeAlert is back. I don't have any idea how to get rid of either of these. Thanks in advance, Katilyn

DDS (Ver_09-05-14.01) - NTFSx86
Run by Owner at 15:21:20.96 on Wed 05/27/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13

============== Pseudo HJT Report ===============

uStart Page = hxxp://gridcom.net/IClient/Login.aspx?ReturnUrl=%2fiClient%2fdefault.aspx
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: WsftpBrowserHelper Class: {601ed020-fb6c-11d3-87d8-0050da59922b} - e:\program files\ws_ftp pro\wsbho2k0.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\WCESCOMM.EXE"
uRun: [SmileboxTray] "c:\documents and settings\owner\application data\smilebox\SmileboxTray.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
uRun: [RegistryMechanic] c:\program files\registry mechanic\RegMech.exe /H
mRun: [USRpdA] c:\windows\system32\usrmlnka.exe runservices \device\3cpipe-USRpdA
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Lexmark X6100 Series] "c:\program files\lexmark x6100 series\lxbfbmgr.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [MyWebSearch Plugin] rundll32 c:\progra~1\mywebs~1\bar\1.bin\M3PLUGIN.DLL,UPF
mRun: [My Web Search Bar Search Scope Monitor] "c:\progra~1\mywebs~1\bar\1.bin\m3SrchMn.exe" /m=0
mRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
IE: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZUxdm265YYUS
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - e:\progra~1\micros~1\office11\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/common/asusTek_sys_ctrl.cab
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/MyFunCardsFWBInitialSetup1.0.1.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} - hxxp://onlinedesigner.hgtv.com/images/app/view22rte.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 85.255.112.227,85.255.112.166
TCP: {FE72FDC3-D6F2-48AD-8472-F23492B6DE8B} = 85.255.112.227,85.255.112.166
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\AATP.DLL
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9528hve.default\
FF - prefs.js: browser.startup.homepage - hxxp://login.sitesell.com/|http://www.essential-oil-mama.com/
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\z9528hve.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMyWebS.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================

2009-05-26 12:36 <DIR> --d----- c:\program files\Cobian Backup 8
2009-05-24 17:44 <DIR> --d----- c:\windows\system32\appmgmt
2009-05-23 18:18 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-05-23 18:09 130,936 a------- c:\windows\system32\drivers\PCTCore.sys
2009-05-23 18:09 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-05-23 18:07 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-05-23 18:07 <DIR> --d----- c:\program files\common files\PC Tools
2009-05-23 18:06 <DIR> --d----- c:\program files\Spyware Doctor
2009-05-23 18:06 <DIR> --d----- c:\docume~1\owner\applic~1\PC Tools
2009-05-23 18:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-05-23 10:06 341 ---shr-- C:\autorun.inf
2009-05-06 03:00 <DIR> --d----- c:\windows\system32\KB905474
2009-05-04 15:42 <DIR> --d----- c:\program files\common files\SWF Studio

==================== Find3M ====================

2009-05-27 09:05 21 a------- C:\qpmd8376.bin
2009-05-19 09:45 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
2009-05-19 09:45 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-06 09:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-02 19:18 826,368 a------- c:\windows\system32\wininet.dll
2007-06-23 17:08 284 -c------ c:\docume~1\owner\applic~1\ViewerApp.dat
2004-04-28 00:19 233,160 ac------ c:\program files\LISTOOL.EXE
2004-02-11 16:32 257,189 ac------ c:\program files\LISTOOL.CHM
2008-09-23 03:06 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092320080924\index.dat

============= FINISH: 15:22:05.40 ===============
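Added example (not code from the thread, from the DDS tool or from Bleeping Computer): a small Python triage pass over the one-entry-per-line form of a DDS log like the one above. It applies four heuristics a log helper usually checks first: TCP: NameServer values that are not a private or loopback address, TB: entries marked "No File", a hidden+system autorun.inf sitting in a drive root, and any other recently created file placed directly in a drive root. The sample lines are copied from the log posted above; the rule names, the Finding type and the heuristics themselves are assumptions of this example, and a hit means "look at this", not "this is malicious". Public resolvers in particular can be legitimate and should be compared against what the ISP or the router actually hands out.

```python
"""Triage heuristics for a DDS log in the one-entry-per-line format.

Added example for this thread; not code from DDS, Bleeping Computer or
the poster. Every rule is a heuristic (an assumption about what is
unusual on a home Windows XP machine), not a malware verdict.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: entries copied from the DDS log posted above.
SAMPLE_LOG = r"""
TCP: NameServer = 85.255.112.227,85.255.112.166
TCP: {FE72FDC3-D6F2-48AD-8472-F23492B6DE8B} = 85.255.112.227,85.255.112.166
TB: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
2009-05-23 10:06 341 ---shr-- C:\autorun.inf
2009-05-27 09:05 21 a------- C:\qpmd8376.bin
2009-05-19 09:45 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
"""

# "TCP: NameServer = a,b" and the per-interface "TCP: {GUID} = a,b" lines.
NAMESERVER_RE = re.compile(r"^TCP: (?:NameServer|\{[0-9A-Fa-f-]+\}) = (.+)$")
# Toolbar entries whose DLL no longer exists on disk.
ORPHAN_TB_RE = re.compile(r"^TB: .* - No File$")
# "Created Last 30" / "Find3M" entries: date time size attrs path.
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) ([\d,]+|<DIR>) (\S{8}) (.+)$"
)
# A file sitting directly in a drive root, e.g. C:\autorun.inf.
ROOT_FILE_RE = re.compile(r"^[A-Za-z]:\\[^\\]+$")


@dataclass(frozen=True)
class Finding:
    rule: str   # hypothetical rule name chosen for this example
    line: str   # the log entry that triggered it


def is_expected_dns(ip_text: str) -> bool:
    """True for resolvers that are plausibly the home router or localhost.

    A False result means "confirm this is the ISP's or the user's chosen
    resolver", not "malicious": public resolvers can be legitimate.
    """
    try:
        ip = ipaddress.ip_address(ip_text.strip())
    except ValueError:
        return False
    return ip.is_private or ip.is_loopback


def check_line(line: str) -> Optional[Finding]:
    """Apply the heuristics to one log entry; at most one finding per line."""
    m = NAMESERVER_RE.match(line)
    if m:
        if not all(is_expected_dns(ip) for ip in m.group(1).split(",")):
            return Finding("dns_not_local", line)
        return None

    if ORPHAN_TB_RE.match(line):
        return Finding("orphan_toolbar", line)

    m = FILE_RE.match(line)
    if m:
        size, attrs, path = m.group(3), m.group(4), m.group(5)
        if size == "<DIR>" or not ROOT_FILE_RE.match(path):
            return None
        if path.lower().endswith(r"\autorun.inf") and "s" in attrs and "h" in attrs:
            # Hidden + system autorun.inf in the root of a fixed drive is the
            # usual footprint of an autorun worm, which copies itself to every
            # drive it can reach; it matches the removable-drive symptoms above.
            return Finding("hidden_autorun_in_root", line)
        # Any other recently created file directly in a drive root is
        # unusual enough on a home machine to be worth a look.
        return Finding("new_file_in_drive_root", line)

    return None


def triage(log_text: str) -> List[Finding]:
    """Run every rule over the log and return the findings in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        hit = check_line(line)
        if hit is not None:
            findings.append(hit)
    return findings


if __name__ == "__main__":
    # On the sample above this prints five findings: two DNS lines, the
    # orphaned toolbar, the hidden autorun.inf and the file in C:\.
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:24} {f.line}")
```

Run as a script it prints the five hits from the sample; for a real pass, paste the whole log in one-entry-per-line form into the string or read it from a file. The DNS rule is deliberately coarse: it only says the configured resolvers are not on the local network, and the helper still has to check whether the user or ISP put them there.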
Replies in this thread (excerpts as shown in the thread index):

Baybadoll (May 27 2009, 04:54 PM): Have Recycler & Trojan Horse FakeAlert.KH
SifuMike (May 28 2009, 11:30 PM): Hello Baybadoll, Download Security Check by scree...
Baybadoll (May 29 2009, 09:37 AM): Hi! Thank you for such a quick response. I a...
SifuMike (May 29 2009, 10:52 AM): Hi Katilyn, Looks like you probably have a hard...
Baybadoll (May 30 2009, 03:22 PM): My computer booted back up. But will not run malwa...
SifuMike (May 30 2009, 04:49 PM): Hi Baybadoll, Make sure you disable Spyware Docto...
Baybadoll (May 30 2009, 06:22 PM): mbam log: Malwarebytes' Anti-Malware 1.37 Dat...
SifuMike (May 30 2009, 06:32 PM): Hi, Please tell me how the computer is running....
Baybadoll (May 31 2009, 07:48 AM): Hi! Computer isn't slow anymore. Openin...
SifuMike (May 31 2009, 11:08 AM): Hi Baybadoll, Please download GooredFix and sa...
Baybadoll (May 31 2009, 03:43 PM): Hey. The computer froze between the last instruct...
SifuMike (May 31 2009, 05:51 PM): Hi Baybadoll, We will run ComboFix. You should ...
Baybadoll (May 31 2009, 08:21 PM): I removed SpyDoctor (it never worked). And disa...
SifuMike (May 31 2009, 10:09 PM): Hi Baybadoll, No, you don't need to disable Malw...
Baybadoll (May 31 2009, 11:11 PM): combofix won't run. When I double-click on th...
SifuMike (May 31 2009, 11:15 PM): How long did you wait? It may take 10-15 minutes ...
Baybadoll (May 31 2009, 11:23 PM): Maybe not long enough - at least 15 min. Lights a...
SifuMike (May 31 2009, 11:41 PM): If nothing happens in 15 - 20 minutes, then reboot...
Baybadoll (Jun 1 2009, 12:23 AM): Okay. I waited 20 min. Rebooted. Tried again. ...
SifuMike (Jun 1 2009, 12:34 AM): I was afraid of that. On to plan B. :) Delete...
Baybadoll (Jun 1 2009, 01:04 AM): It Worked! :thumbsup: Things are looking g...
SifuMike (Jun 1 2009, 10:01 AM): Hi, Looks good. :thumbup2: You need to dis...
Baybadoll (Jun 1 2009, 11:20 AM): Hey. Quick question: The ESET Online Scanner alr...
SifuMike (Jun 1 2009, 11:36 AM): Hi Katilyn, Yes, uncheck it. We do not want re...
Baybadoll (Jun 1 2009, 12:35 PM): Hi! ComboFix log: ComboFix 09-05-31.06 - Own...
SifuMike (Jun 1 2009, 01:22 PM): Hi Katilyn, Looks good. :thumbup2: How is ...
Baybadoll (Jun 1 2009, 01:30 PM): Hey! Things are going much better! I f...
SifuMike (Jun 1 2009, 01:44 PM): Hi Katilyn, You're very welcome. A clean comput...
Baybadoll (Jun 1 2009, 01:47 PM): Is there anything we need to do with the stuff ESE...
SifuMike (Jun 1 2009, 01:49 PM): Nope. :) All that will be deleted when you run th...
Baybadoll (Jun 1 2009, 01:59 PM): Awesome. Okay - I removed security check and unin...
SifuMike (Jun 1 2009, 02:48 PM): Hi Katilyn, Combofix was supposed to get rid of...
Baybadoll (Jun 1 2009, 03:03 PM): Okay, CleanUp worked fine - I had to reboot. Al...
SifuMike (Jun 1 2009, 03:11 PM): Hi Katilyn, You're very welcome. :) I can't help...
SifuMike (Jun 3 2009, 05:24 PM): Since your problem appears to be resolved, this th...