HT Logs. Tips, FAQs, Analyze.

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: gxvxcserv
Registry key:

HKEY_LOCAL_MACHINE\System\Controlset001\Enum\legacy_gxvxcserv.sys
HKEY_LOCAL_MACHINE\System\Controlset003\Enum\legacy_gxvxcserv.sys
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gxvxcserv.sys

Command: command
Startup Type: Hidden driver
Description: troajn w32.Tidserv. The trojan uses rootkit techniques designed to hide the software presence in the system.

How to remove: use the instructions How to remove gxvxcserv.sys trojan (Google redirect virus)

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: aap
Filename: aap.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Antivirus Agent Pro

Command: C:\Program Files\Antivirus Agent Pro\aap.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [Antivirus Agent Pro] C:\Program Files\Antivirus Agent Pro\aap.exe

Description: main file of Antivirus Agent Pro – rogue antispyware program

How to remove: use the instructions How to remove Antivirus Agent Pro (Delete Instructions)

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: guard
Filename: guard.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | guard

Command: C:\WINDOWS\guard.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [guard] C:\WINDOWS\guard.exe

Description: component of Antivirus Agent Pro (rogue qntispyware program)

How to remove: use the instructions How to remove Antivirus Agent Pro (Delete Instructions)

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: se
Filename: se.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | se

Command: C:\WINDOWS\system\se.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [se] C:\WINDOWS\system\se.exe

Description: se.exe is a trojan that installed with Antivirus Plus

How to remove: use the instruction How to remove Antivirus Plus (Uninstall instructions)

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: rundll32
Filename: rundll32.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | shell

Command: C:\WINDOWS\system\rundll32.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [shell] C:\WINDOWS\system\rundll32.exe 1

Description: trojan that installed with Antivirus Plus (rogue antispyware)

How to remove: use the instruction How to remove Antivirus Plus (Uninstall instructions)

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: InternetExplorer
Filename: InternetExplorer.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D032570A-5F63-4812-A094-87D007C23012}

Command: C:\WINDOWS\system32\InternetExplorer.dll
CLSID: {D032570A-5F63-4812-A094-87D007C23012}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:

O2 – BHO: (no name) – {D032570A-5F63-4812-A094-87D007C23012} – C:\WINDOWS\system32\InternetExplorer.dll

Description: trojan bho that installed with Antivirus Plus (rogue antispyware program)

How to remove: use the instruction How to remove Antivirus Plus (Uninstall instructions)

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: ava
Filename: ava.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | AV AntiSpyware

Command: C:\Documents and Settings\All Users\Application Data\LastSun Ltd\AV AntiSpyware\ava.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [AV AntiSpyware] “C:\Documents and Settings\All Users\Application Data\LastSun Ltd\AV AntiSpyware\ava.exe” /autorun

Description: main file of AV Antispyware (rogue antispyware)

How to remove: use the instruction How to remove AV Antispyware (Uninstall instructions)

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: WiniBlueSoft
Filename: WiniBlueSoft.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | WiniBlueSoft

Command: C:\Program Files\WiniBlueSoft Software\WiniBlueSoft\WiniBlueSoft.exe -min
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [WiniBlueSoft] C:\Program Files\WiniBlueSoft Software\WiniBlueSoft\WiniBlueSoft.exe -min

Description: main file of WiniBlueSoft (rogue antispyware program)

How to remove: use the instruction How to remove WiniBlueSoft (Uninstall instructions)

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: eewhptdpyl
Filename: eewhptdpyl.dll
Registry key:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
| InternetConnection

Command: C:\Documents and Settings\All Users\Application Data\Microsoft\Network\DLLs\eewhptdpyl.dll
CLSID: {AB6DAA8C-F726-4FDD-8B06-9537C5878612}
Startup Type: ShellServiceObjectDelayLoad
HijackThis Category: O21
HijackThis Line:

O21 – SSODL: InternetConnection – {AB6DAA8C-F726-4FDD-8B06-9537C5878612} – C:\Documents and Settings\All Users\Application Data\Microsoft\Network\DLLs\eewhptdpyl.dll

Description: component of System Guard 2009

How to remove: use these instructions How to remove System Guard 2009 (Delete instructions).

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: VSweep
Filename: VSweep.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Virus Sweeper

Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [Virus Sweeper] “C:\Documents and Settings\All Users\Application Data\8a37\VSweep.exe” /s /d

Combofix/RSIT Line:

Description: main file of Virus Sweeper (rogue antispyware program)

How to remove: use these instructions How to remove Virus Sweeper (Uninstall instructions).