HT Logs. Tips, FAQs, Analyze.

microsft.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: microsft
Filename: microsft.exe
Registry key:

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C77088EB-52B1-173B-F6D5-36B5619926BD}

Command: %Program Files%\whyu\microsft.exe
CLSID: {C77088EB-52B1-173B-F6D5-36B5619926BD}
Startup Type: Microsoft active setup
DDS Line:

mASetup: {C77088EB-52B1-173B-F6D5-36B5619926BD} – C:\Program Files\whyu\microsft.exe s

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C77088EB-52B1-173B-F6D5-36B5619926BD}]
C:\Program Files\whyu\microsft.exe s

Description: malware also known as Mal/VB-Z [Sophos]

How to remove: Registry editor + Kaspersky virus removal tool

apocalyps32.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: apocalyps32
Filename: apocalyps32.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | apocalyps32

Command: C:\Windows\apocalyps32.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [apocalyps32] C:\Windows\apocalyps32.exe

DDS Line:

mRun: [apocalyps32] C:\Windows\apocalyps32.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“apocalyps32″=C:\Windows\apocalyps32.exe

Description: malware also known as Mal/Behav-328, Mal/Dropper-G, Mal/Behav-053 [Sophos]

How to remove: use HijackThis + Kaspersky virus removal tool

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: PrestoTuneUp
Filename: PrestoTuneUp.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Presto TuneUp

Command: C:\Documents and Settings\All Users\Application Data\b1529a0\PrestoTuneUp.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [Presto TuneUp] “C:\Documents and Settings\All Users\Application Data\b1529a0\PrestoTuneUp.exe” /s /d

Description: Presto Tuneup is a scareware program that uses false system errors to trick you into buying the software.

How to remove: use Malwarebytes Antimalware

This is an harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: diarprof
Filename: diarprof.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [bo0pRSZ3e] diarprof.exe

Description: Unknown malware component

How to remove: Use HijackThis

This is an harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: distus40
Filename: distus40.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [qFrf32V] distus40.exe

Description: Unknown malware component

How to remove: Use HijackThis

This is an harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: xivop
Filename: xivop.exe
Command: C:\WINDOWS\xivop.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [xivop] C:\WINDOWS\xivop.exe

Description: component of unknown malware

How to remove: Use HijackThis

This is an harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: qwbqgkxr
Filename: qwbqgkxr.exe
Command: C:\WINDOWS\qwbqgkxr.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [MaG78PfJs] C:\WINDOWS\qwbqgkxr.exe

Description: component of unknown malware

How to remove: Use HijackThis

This is an harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

CLSID: {69135BDE-5FDC-4B61-98AA-82AD2091BCCC}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:

O2 – BHO: (no name) – {69135BDE-5FDC-4B61-98AA-82AD2091BCCC} – (no file)

Combofix/RSIT Line:
Description: part of SPYW_IMISERV.C, looks here

How to remove: Use HijackThis

This is an harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: wjfvju
Startup Type:svchost
Combofix/RSIT Line:

R4 wjfvju;wjfvju;c:\windows\system32\SVCHOST.EXE -k wjfvju [2004-08-18 14336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
wjfvju REG_MULTI_SZ wjfvju

Description: unknown malware component

This is an harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: WinHelp3x
Filename: WinHelp3x.exe
Command: c:\windows\system32\WinHelp3x.exe
Startup Type: Service
Combofix/ RSIT Line:

R4 WinHelp3x;Windows Help System;c:\windows\system32\WinHelp3x.exe [2009-01-16 15910]

Description: unknown trojan component