New rogue anti spyware

Logfile of HijackThis v1.99.1
Scan saved at 12:14:00, on 06-02-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\Programas\Analog Devices\SoundMAX\SMAgent.exe
C:\Programas\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programas\QuickTime\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programas\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programas\Analog Devices\SoundMAX\Smax4.exe
C:\Programas\Babylon\Babylon.exe
C:\Programas\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Programas\SlySoft\AnyDVD\AnyDVD.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programas\Softwin\BitDefender8\bdnagent.exe
C:\Programas\Messenger\msmsgs.exe
C:\Programas\Acesoft\Tracks Eraser Pro\te.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programas\Ficheiros comuns\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programas\Ficheiros comuns\Softwin\BitDefender Scan Server\bdss.exe
c:\programas\softwin\bitdefender8\bdmcon.exe
C:\Documents and Settings\hpf\Ambiente de trabalho\HijackThis.exe

R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 – BHO: AcroIEHlprObj Class – {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} – C:\Programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 – BHO: SpywareBlock Class – {0A87E45F-537A-40B4-B812-E2544C21A09F} – C:\Programas\SpyCatcher 2006\SCActiveBlock.dll
O4 – HKLM\..\Run: [Zone Labs Client] C:\Programas\Zone Labs\ZoneAlarm\zlclient.exe
O4 – HKLM\..\Run: [QuickTime Task] “C:\Programas\QuickTime\qttask.exe” -atboottime
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 – HKLM\..\Run: [SoundMAXPnP] C:\Programas\Analog Devices\SoundMAX\SMax4PNP.exe
O4 – HKLM\..\Run: [SoundMAX] “C:\Programas\Analog Devices\SoundMAX\Smax4.exe” /tray
O4 – HKLM\..\Run: [Babylon Client] C:\Programas\Babylon\Babylon.exe -AutoStart
O4 – HKLM\..\Run: [CXMon] “C:\Programas\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe”
O4 – HKLM\..\Run: [H2O] C:\Programas\SyncroSoft\Pos\H2O\cledx.exe
O4 – HKLM\..\Run: [AnyDVD] C:\Programas\SlySoft\AnyDVD\AnyDVD.exe
O4 – HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 – HKLM\..\Run: [HP Update 4300C] C:\DOCUME~1\hpf\AMBIEN~1\hpupdate.exe 4300C
O4 – HKLM\..\Run: [AlfaCleaner] C:\Programas\AlfaCleaner\AlfaCleaner.exe
O4 – HKLM\..\Run: [SpyCatcher Reminder] “C:\Programas\SpyCatcher 2006\SpyCatcher.exe” reminder
O4 – HKLM\..\Run: [BDMCon] “C:\Programas\Softwin\BitDefender8\bdmcon.exe”
O4 – HKLM\..\Run: [BDNewsAgent] “C:\Programas\Softwin\BitDefender8\bdnagent.exe”
O4 – HKCU\..\Run: [MSMSGS] “C:\Programas\Messenger\msmsgs.exe” /background
O4 – HKCU\..\Run: [Tracks Eraser Pro] C:\Programas\Acesoft\Tracks Eraser Pro\te.exe min
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE
O4 – Global Startup: SpyCatcher Protector.lnk = C:\Programas\SpyCatcher 2006\Protector.exe
O4 – Global Startup: WinZip Quick Pick.lnk = C:\Programas\WinZip\WZQKPICK.EXE
O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 – Extra button: (no name) – {85d1f590-48f4-11d9-9669-0800200c9a66} – %windir%\bdoscandel.exe (file missing)
O9 – Extra ‘Tools’ menuitem: Uninstall BitDefender Online Scanner v8 – {85d1f590-48f4-11d9-9669-0800200c9a66} – %windir%\bdoscandel.exe (file missing)
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Programas\Messenger\msmsgs.exe
O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Programas\Messenger\msmsgs.exe
O12 – Plugin for .mid: C:\Programas\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 – Plugin for .wav: C:\Programas\Internet Explorer\PLUGINS\npqtplugin.dll
O16 – DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} (TenebrilSpywareScanner Control) – http://www.tenebril.com/assets/activeX/SpywareScanner.ocx
O16 – DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) – http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 – DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) – http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 – AppInit_DLLs: interceptor.dll
O23 – Service: AutoComplete Service (Autocomplete) – Acesoft – C:\Programas\Acesoft\Tracks Eraser Pro\autocomp.exe
O23 – Service: AVG7 Alert Manager Server (Avg7Alrt) – GRISOFT, s.r.o. – C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 – Service: AVG7 Update Service (Avg7UpdSvc) – GRISOFT, s.r.o. – C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 – Service: BitDefender Scan Server (bdss) – Unknown owner – C:\Programas\Ficheiros comuns\Softwin\BitDefender Scan Server\bdss.exe” /service (file missing)
O23 – Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) – Analog Devices, Inc. – C:\Programas\Analog Devices\SoundMAX\SMAgent.exe
O23 – Service: TrueVector Internet Monitor (vsmon) – Zone Labs, LLC – C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 – Service: BitDefender Communicator (XCOMM) – Unknown owner – C:\Programas\Ficheiros comuns\Softwin\BitDefender Communicator\xcommsvr.exe” /service (file missing)

Patrik

― February 4, 2006 - 7:32 am Reply

if you got AlfaCleaner, and can`t remove from your computer, please make HijackThis log and post there.
Henrique Ferreira

― February 6, 2006 - 6:20 am Reply

Logfile of HijackThis v1.99.1
Scan saved at 12:14:00, on 06-02-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\Programas\Analog Devices\SoundMAX\SMAgent.exe
C:\Programas\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programas\QuickTime\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programas\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programas\Analog Devices\SoundMAX\Smax4.exe
C:\Programas\Babylon\Babylon.exe
C:\Programas\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Programas\SlySoft\AnyDVD\AnyDVD.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programas\Softwin\BitDefender8\bdnagent.exe
C:\Programas\Messenger\msmsgs.exe
C:\Programas\Acesoft\Tracks Eraser Pro\te.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programas\Ficheiros comuns\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programas\Ficheiros comuns\Softwin\BitDefender Scan Server\bdss.exe
c:\programas\softwin\bitdefender8\bdmcon.exe
C:\Documents and Settings\hpf\Ambiente de trabalho\HijackThis.exe

R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 – BHO: AcroIEHlprObj Class – {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} – C:\Programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 – BHO: SpywareBlock Class – {0A87E45F-537A-40B4-B812-E2544C21A09F} – C:\Programas\SpyCatcher 2006\SCActiveBlock.dll
O4 – HKLM\..\Run: [Zone Labs Client] C:\Programas\Zone Labs\ZoneAlarm\zlclient.exe
O4 – HKLM\..\Run: [QuickTime Task] “C:\Programas\QuickTime\qttask.exe” -atboottime
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 – HKLM\..\Run: [SoundMAXPnP] C:\Programas\Analog Devices\SoundMAX\SMax4PNP.exe
O4 – HKLM\..\Run: [SoundMAX] “C:\Programas\Analog Devices\SoundMAX\Smax4.exe” /tray
O4 – HKLM\..\Run: [Babylon Client] C:\Programas\Babylon\Babylon.exe -AutoStart
O4 – HKLM\..\Run: [CXMon] “C:\Programas\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe”
O4 – HKLM\..\Run: [H2O] C:\Programas\SyncroSoft\Pos\H2O\cledx.exe
O4 – HKLM\..\Run: [AnyDVD] C:\Programas\SlySoft\AnyDVD\AnyDVD.exe
O4 – HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 – HKLM\..\Run: [HP Update 4300C] C:\DOCUME~1\hpf\AMBIEN~1\hpupdate.exe 4300C
O4 – HKLM\..\Run: [AlfaCleaner] C:\Programas\AlfaCleaner\AlfaCleaner.exe
O4 – HKLM\..\Run: [SpyCatcher Reminder] “C:\Programas\SpyCatcher 2006\SpyCatcher.exe” reminder
O4 – HKLM\..\Run: [BDMCon] “C:\Programas\Softwin\BitDefender8\bdmcon.exe”
O4 – HKLM\..\Run: [BDNewsAgent] “C:\Programas\Softwin\BitDefender8\bdnagent.exe”
O4 – HKCU\..\Run: [MSMSGS] “C:\Programas\Messenger\msmsgs.exe” /background
O4 – HKCU\..\Run: [Tracks Eraser Pro] C:\Programas\Acesoft\Tracks Eraser Pro\te.exe min
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE
O4 – Global Startup: SpyCatcher Protector.lnk = C:\Programas\SpyCatcher 2006\Protector.exe
O4 – Global Startup: WinZip Quick Pick.lnk = C:\Programas\WinZip\WZQKPICK.EXE
O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 – Extra button: (no name) – {85d1f590-48f4-11d9-9669-0800200c9a66} – %windir%\bdoscandel.exe (file missing)
O9 – Extra ‘Tools’ menuitem: Uninstall BitDefender Online Scanner v8 – {85d1f590-48f4-11d9-9669-0800200c9a66} – %windir%\bdoscandel.exe (file missing)
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Programas\Messenger\msmsgs.exe
O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Programas\Messenger\msmsgs.exe
O12 – Plugin for .mid: C:\Programas\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 – Plugin for .wav: C:\Programas\Internet Explorer\PLUGINS\npqtplugin.dll
O16 – DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} (TenebrilSpywareScanner Control) – http://www.tenebril.com/assets/activeX/SpywareScanner.ocx
O16 – DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) – http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 – DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) – http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 – AppInit_DLLs: interceptor.dll
O23 – Service: AutoComplete Service (Autocomplete) – Acesoft – C:\Programas\Acesoft\Tracks Eraser Pro\autocomp.exe
O23 – Service: AVG7 Alert Manager Server (Avg7Alrt) – GRISOFT, s.r.o. – C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 – Service: AVG7 Update Service (Avg7UpdSvc) – GRISOFT, s.r.o. – C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 – Service: BitDefender Scan Server (bdss) – Unknown owner – C:\Programas\Ficheiros comuns\Softwin\BitDefender Scan Server\bdss.exe” /service (file missing)
O23 – Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) – Analog Devices, Inc. – C:\Programas\Analog Devices\SoundMAX\SMAgent.exe
O23 – Service: TrueVector Internet Monitor (vsmon) – Zone Labs, LLC – C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 – Service: BitDefender Communicator (XCOMM) – Unknown owner – C:\Programas\Ficheiros comuns\Softwin\BitDefender Communicator\xcommsvr.exe” /service (file missing)
Patrik

― February 6, 2006 - 10:23 am Reply

Go to Start > Control Panel > Add or Remove Programs and remove the following programs, if found: AlfaCleaner

Then using Windows Explorer, delete the following folder: C:\Program Files\AlfaCleaner

Download HijackThis and save the file to your desktop.
Double click on the file to extract it to it’s own folder on the desktop.

If you do not already have Ad-Aware SE installed, follow these download and setup instructions. Also check for updates.

Again, do NOT run a scan yet.

Next, please reboot your computer in Safe Mode by doing the following:

1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the first option, to run Windows in Safe Mode.

Now you need to run HijackThis and click “Do a system scan only.” Place a check next to the following entries (if they are still there):

O4 – HKLM\..\Run: [AlfaCleaner] C:\Programas\AlfaCleaner\AlfaCleaner.exe

Now close all browser and other windows except for HijackThis, and click “Fix Checked” to have HijackThis fix the entries you checked.

Next, run Ad-aware and perform a full scan. Remove everything found.

Finally, restart your computer normally.

New rogue anti spyware – AlfaCleaner

3 Comments

Leave a Reply Cancel reply

New Guides

How to remove Hreerfdfgo.club pop-ups (Virus removal guide)

How to uninstall WideCluster app/extension from Mac (Virus removal guide)

How to get rid of Mysearch.space redirect from Chrome, Firefox, IE, Edge

How to remove Ewdownt.club pop-ups (Virus removal guide)

How to uninstall CompactFilter app/extension from Mac (Virus removal guide)

Follow Us

Search

Useful Guides

Chrome Managed by your organization malware removal guide

AdwCleaner – Review, How to use, Comments

How to reset Internet Explorer settings to default

Remove Tech Support Scam pop-up virus [Microsoft & Apple Scam]

How to reset Google Chrome settings to default

Recent Posts

How to remove VideoCodec3_05b – ICQCHK.exe – MSX.DLL

How to remove BackDoor.SdBot.MYX (oo.exe, newdotnet)

How to remove AdwarePunisher – rogue anti spyware

Winamp 5.13 released

Malware Domain List – Updated

MYANTISPYWARE.COM

NEED A HELP ?

Links