HT Logs. Tips, FAQs, Analyze.

asr64_ldm.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: asr64_ldm
Filename: asr64_ldm.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | asr64_ldm.exe

Command: %UserProfile%\LOCALS~1\Temp\asr64_ldm.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [asr64_ldm.exe] C:\DOCUME~1\comp\LOCALS~1\Temp\asr64_ldm.exe

DDS Line:

uRun: [asr64_ldm.exe] C:\DOCUME~1\user\LOCALS~1\Temp\asr64_ldm.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“asr64_ldm.exe”=C:\DOCUME~1\user\LOCALS~1\Temp\asr64_ldm.exe

Description: trojan fakeAlert that installed with Dr. Guard. Dr. Guard is a rogue antispyware program.

How to remove: use these Dr. Guard removal instructions.

av-protect.microsoft.com is a malicious website

The site was created to spread Antivirus Soft. If your browser is redirected to av-protect.microsoft.com, then you should immediately check your PC using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Site addess: av-protect.microsoft.com
Description: av-protect.microsoft.com is not related with Microsoft company and can only be seen on infected computers. The site used to promote the rogue antispyware program called Antivirus Soft.

How to remove: use these Antivirus Soft removal instructions in order to remove this infection.

av.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: av
Filename: av.exe
Registry key:

HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\secfile
HKEY_CLASSES_ROOT\secfile
HKEY_CLASSES_ROOT\.exe\shell\open\command

Command: %Appdata%\av.exe
Description: core component of XP AntiSpyware 2010, XP Antivirus Pro 2010. XP AntiSpyware 2010, XP Antivirus Pro 2010 – names of one program, that is a rogue antispyware application.

How to remove: use these XP AntiSpyware 2010, XP Antivirus Pro 2010 removal instructions.

Virus Protector is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: [RANDOM]
Filename: [RANDOM].exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Virus Protector

Command: [Path]\[RANDOM].exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [Virus Protector] [Path]\[RANDOM].exe

DDS Line:

uRun: [Virus Protector] [Path]\[RANDOM].exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“Virus Protector”=[Path]\[RANDOM].exe

Description: component of Virus Protector. Virus Protector is a rogue antispyware program.

How to remove: use these Virus Protector removal instructions.

Antispyware.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: Antispyware.exe
Filename: Antispyware.exe
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Userinit

Command: C:\Program Files\Def Group\PC Defender\Antispyware.exe
Startup Type: Winlogon\UserInit
HijackThis Category: F2
HijackThis Line:

F2 – REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,”C:\Program Files\Def Group\PC Defender\Antispyware.exe”

Description: core component of PC Defender. PC Defender is a rogue antispyware program.

How to remove: use these PC Defender removal instructions.

Antimalware Doctor.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: Antimalware Doctor
Filename: Antimalware Doctor.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Antimalware Doctor.exe

Command: C:\Windows\System32\Antimalware Doctor.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [Antimalware Doctor.exe] C:\Windows\System32\Antimalware Doctor.exe

DDS Line:

uRun: [Antimalware Doctor.exe] C:\Windows\System32\Antimalware Doctor.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“Antimalware Doctor.exe”=C:\Windows\System32\Antimalware Doctor.exe

Description: core component of Antimalware Doctor. Antimalware Doctor is a rogue antispyware program.

How to remove: use these Antimalware Doctor removal instructions.

SysShield.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: SysShield
Filename: SysShield.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Windows applications server

Command: C:\Program Files\Personal Anti Malware\SysShield.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [Windows applications server] C:\Program Files\Personal Anti Malware\SysShield.exe

DDS Line:

uRun: [Windows applications server] C:\Program Files\Personal Anti Malware\SysShield.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“Windows applications server”=C:\Program Files\Personal Anti Malware\SysShield.exe

Description: trojan FakeAlert, component of Personal Anti Malware. Personal Anti Malware is a rogue antispyware program.

How to remove: use these Personal Anti Malware removal inbstructions.

PAM.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: PAM
Filename: PAM.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Personal Anti Malware

Command: C:\Program Files\Personal Anti Malware\PAM.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [Personal Anti Malware] C:\Program Files\Personal Anti Malware\PAM.exe

DDS Line:

uRun: [Personal Anti Malware] C:\Program Files\Personal Anti Malware\PAM.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“Personal Anti Malware”=C:\Program Files\Personal Anti Malware\PAM.exe

Description: core component of Personal Anti Malware. Personal Anti Malware is a rogue antispyware program.

How to remove: use these Personal Anti Malware removal instructions.

SE2010.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: SE2010
Filename: SE2010.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Security essentials 2010

Command: C:\Program Files\Securityessentials2010\SE2010.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [Security essentials 2010] C:\Program Files\Securityessentials2010\SE2010.exe

DDS Line:

uRun: [Security essentials 2010] C:\Program Files\Securityessentials2010\SE2010.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“Security essentials 2010″=C:\Program Files\Securityessentials2010\SE2010.exe

Description: core component of Security Essentials 2010. Security Essentials 2010 is a rogue antispyware program.

How to remove: use these Security Essentials 2010 removal instructions.

ccmain.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: ccmain
Filename: ccmain.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell

Command: %UserProfile%\Application Data\Control-Center\ccagent.exe
Startup Type: Winlogon\Shell
HijackThis Category: F2
HijackThis Line:

F2 – REG:system.ini: %UserProfile%\Application Data\Control-Center\ccagent.exe

Description: core component of Control Center. Control Center isa fake Windows optimization program.

How to remove: use these Control Center removal instructions.