Archive for the 'Startup Type' Category

ati3xmxx.sys is a trojan

Friday, June 12th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: ati3xmxx
Filename: ati3xmxx.sys
Registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati3xmxx.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati3xmxx.sys

Startup Type: SafeBoot
Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati3xmxx.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati3xmxx.sys]

Description: unknown trojan

brzycg.exe is an autorun.inf trojan

Friday, June 12th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: brzycg
Filename: brzycg.exe
Registry key:

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd700ec2-fc05-11dd-b448-001fd00766ec}

CLSID: {fd700ec2-fc05-11dd-b448-001fd00766ec}
Startup Type: autorun.inf
Combofix/RSIT Line:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd700ec2-fc05-11dd-b448-001fd00766ec}]
shell\AutoRun\command – brzycg.exe
shell\explore\command – brzycg.exe
shell\open\command – brzycg.exe

Description: an autorun.inf trojan

How to remove: read the article – How to remove trojans that uses autorun.inf file

96857956.exe is a component of System Security

Friday, June 12th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: 96857956
Filename: 96857956.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | 16847964

Command: C:\Documents and Settings\All Users\Application Data\16847964\16847964.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [16847964] C:\Documents and Settings\All Users\Application Data\16847964\16847964.exe

Description: component of System Security (rogue antispyware program)
Note: System Security uses random names to hide itself.

How to remove: use these System Security removal instructions.

MSIVXserv.sys is a trojan

Wednesday, June 10th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: MSIVXserv
Driver name: MSIVXserv.sys
Command: uses random file name (%windir%\system32\drivers\MSIVXvquesrhnkoyrrnpgwdkuydpqnmoxfqba.sys)
Startup Type: hidden driver
Description: trojan that uses rootkit techniques in order to hide itself.

How to remove: use these MSIVXserv.sys removal instructions.

WindOptimizer.exe is the main file of Wind Optimizer

Wednesday, June 10th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: WindOptimizer
Filename: WindOptimizer.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Wind Optimizer

Command: C:\Program Files\Wind Optimizer\WindOptimizer.exe
Startup Type: HKCU
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [Wind Optimizer] "C:\Program Files\Wind Optimizer\WindOptimizer.exe" /s

Description: main file of Wind Optimizer (rogue antispyware)

How to remove: use Malwarebytes Antimalware

xpdeluxe.exe is the main file of XP Deluxe Protector

Thursday, June 4th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: xpdeluxe
Filename: xpdeluxe.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | xpprotect

Command: %UserProfile%\XP Deluxe Protector\xpdeluxe.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [xpprotect] C:\Documents and Settings\lab\XP Deluxe Protector\xpdeluxe.exe

Description: main file of XP Deluxe Protector (rogue antispyware program)

How to remove: use these XP Deluxe Protector removal instructions

WinBlueSoft.exe – WinBlueSoft rogue antispyware

Wednesday, June 3rd, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: WinBlueSoft
Filename: WinBlueSoft.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | WinBlueSoft

Command: C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [WinBlueSoft] C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe -min

Description: WinBlueSoft.exe is a main component of WinBlueSoft rogue antispyware program

How to remove: use these WinBlueSoft removal instructions

windef – windef.exe – WinDefender2009

Tuesday, June 2nd, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: windef
Filename: windef.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | WinDefender2009

Command: c:\Program Files\WinDefender\windef.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [WinDefender2009] c:\Program Files\WinDefender\windef.exe

Description: windef.exe is a main file of WinDefender2009 (rogue antispyware program)

How to remove: use Malwarebytes Antimalware

WinCtrl32.dll is a trojan downloader

Sunday, May 31st, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: WinCtrl32
Filename: WinCtrl32.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WinCtrl32

Startup Type: Winlogon->Notify
Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WinCtrl32]
WinCtrl32.dll

Description: trojan downloader

How to remove: manually or use Malwarebytes Anti-malware

wm0dap.dll is an Email-Worm.Win32.Bagle

Sunday, May 31st, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: wm0dap
Filename: wm0dap.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | oledll

Command: C:\WINDOWS\system32\wm0dap.dll
CLSID: {52345B67-1234-1234-D123-7F84D123BC7D}
Startup Type: ShellServiceObjectDelayLoad

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
oledll – {52345B67-1234-1234-D123-7F84D123BC7D} – C:\WINDOWS.0\system32\wm0dap.dll [2009-03-21 73728]

Description: Email-Worm.Bagle is a mass-mailing application.

How to remove: manually, using Combofix or Registry editor