Archive for the 'Startup Type' Category

“DisableRegistryTools”=1, result of trojan activity

Monday, April 13th, 2009

This is a signature of trojan activity.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name of trojan activity: DisableRegistryTools
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=1

Description: result of trojan activity

How to remove: Use Malwarebytes Antimalware

dbclent.dll is Trojan.Win32.Agent2.him

Monday, April 13th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: dbclent
Filename: dbclent.dll
Registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa | notification packages

Command: C:\WINDOWS\dbclent.dll
Startup Type: LSA->notification packages
Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
dbclent.dll

Description: Trojan.Win32.Agent2.him

How to remove: use Kaspersky virus removal tool

bwpbwvxxvw.dll is a trojan, component of rogue antispyware

Tuesday, March 31st, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: bwpbwvxxvw
Filename: bwpbwvxxvw.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | InternetConnection

Command: C:\ProgramData\Application Data\Microsoft\Internet Explorer\DLLs\bwpbwvxxvw.dll
CLSID: {D14F8945-CF96-4231-9FA7-4BC630D80D85}
Startup Type: ShellServiceObjectDelayLoad
HijackThis Category: O21
HijackThis Line:

O21 - SSODL: InternetConnection - {D14F8945-CF96-4231-9FA7-4BC630D80D85} - C:\ProgramData\Application Data\Microsoft\Internet Explorer\DLLs\bwpbwvxxvw.dll

Description: trojan, component of rogue antispyware

How to remove: Use HijackThis + Use Malwarebytes Antimalware

ieModule.dll is a trojan, component of rogue antispyware

Tuesday, March 31st, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: ieModule
Filename: ieModule.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | ieModule

Command: C:\ProgramData\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll
CLSID:

{92CA440D-C81C-4B72-89D0-D2B464E5678B}
{77C96E10-FDA7-4AA7-B318-0631C0D27DBB}

Startup Type: ShellServiceObjectDelayLoad
HijackThis Category: O21
HijackThis Line:

O21 - SSODL: ieModule - {92CA440D-C81C-4B72-89D0-D2B464E5678B} - C:\ProgramData\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll

Description: trojan, component of a few rogue antispyware programs

How to remove: Use HijackThis + Use Malwarebytes Antimalware

av2009.exe is malware, main file of Antivirus 2009

Tuesday, March 31st, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: av2009
Filename: av2009.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | 50564483217104051363526518677900

Command: C:\Program Files\Antivirus 2009\av2009.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [50564483217104051363526518677900] C:\Program Files\Antivirus 2009\av2009.exe

Description: malware, main file of Antivirus 2009 (rogue antispyware)

How to remove: Use HijackThis + Use Malwarebytes Antimalware

awtuUNDT.dll is a trojan (Vundo)

Tuesday, March 31st, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: awtuUNDT
Filename: awtuUNDT.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DB248511-529D-4956-A291-1535CEDF9250}

Command: C:\Windows\system32\awtuUNDT.dll
CLSID: {DB248511-529D-4956-A291-1535CEDF9250}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:

O2 - BHO: (no name) - {DB248511-529D-4956-A291-1535CEDF9250} - C:\Windows\system32\awtuUNDT.dll

Description: Internet Explorer BHO module, trojan (Vundo)

How to remove: Use HijackThis + Use Malwarebytes Antimalware

N1i.exe is malware, main file of Anti-virus number 1

Monday, March 30th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: N1i
Filename: N1i.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Drive

Command: C:\Documents and Settings\All Users\Application Data\N1\N1i.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [Drive] C:\Documents and Settings\All Users\Application Data\N1\N1i.exe

Description: main file of Anti-virus number 1 (rogue antispyware program)

How to remove: Use HijackThis + Use Malwarebytes Antimalware

svchost.exe is a trojan fake.alert

Monday, March 30th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: svchost
Filename: svchost.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | SVCHOST.EXE

Command: C:\WINDOWS\System32\drivers\svchost.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\System32\drivers\svchost.exe

Description: trojan fake.alert

How to remove: Use HijackThis + Use Malwarebytes Antimalware

vitamine.dll is a trojan

Monday, March 30th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: vitamine
Filename: vitamine.dll
Command: c:\windows\system32\vitamine.dll
CLSID: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}
Startup Type: HKLM->Run, AppInit DLL, SSODL, SharedTaskScheduler
HijackThis Category: O4, O20, O21, O22
HijackThis Line:

O4 - HKLM\..\Run: [CPMfbaed640] Rundll32.exe "c:\windows\system32\vitamine.dll",a
O20 - AppInit_DLLs: c:\windows\system32\vitamine.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\vitamine.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\vitamine.dll

Description: trojan (Vundo)

How to remove: Use HijackThis + Use Malwarebytes Antimalware

higudivo.dll is a trojan Vundo

Monday, March 30th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: higudivo
Filename: higudivo.dll
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | wawusavasi

Command: C:\WINDOWS\System32\higudivo.dll
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [wawusavasi] Rundll32.exe "C:\WINDOWS\System32\higudivo.dll",s
O4 - HKUS\S-1-5-19\..\Run: [wawusavasi] Rundll32.exe "C:\WINDOWS\System32\higudivo.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [wawusavasi] Rundll32.exe "C:\WINDOWS\System32\higudivo.dll",s (User 'NETWORK SERVICE')

Description: component of trojan Vundo

How to remove: Use HijackThis + Use Malwarebytes Antimalware