HT Logs. Tips, FAQs, Analyze.

alggui.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: alggui
Filename: alggui.exe
Registry key:

HKEY_CLASSES_ROOT\exefile\shell\open\command

Command: C:\Program Files\alggui.exe
Startup Type: File associations
DDS/Combofix/RSIT Line:

.exe – open – C:\Program Files\alggui.exe “%1” %*

Description: component of Your PC Protector. Your PC Protector is a rogue antispyware program.

How to remove: use these Your PC Protector removal instructions.

adc32.dll is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: adc32
Filename: adc32.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02}

Command: C:\Program Files\adc32.dll
CLSID: {77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:

O2 – BHO: ICQSys (ADC PlugIn) – {77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02} – C:\Program Files\adc32.dll

DDS Line:

BHO: ADC PlugIn: {77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02} – C:\Program Files\adc32.dll

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02}]
ADC PlugIn – C:\Program Files\adc32.dll [2010-02-04 958464]

Description: malicious BHO addon to Internet Explorer that installed by Your PC Protector. Your PC Protector is a rogue antispyware program.

How to remove: use these Your PC Protector removal instructions.

Your PC Protector.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: Your PC Protector
Filename: Your PC Protector.exe
Command: C:\Program Files\Your PC Protector\Your PC Protector.exe
Description: core part of Your PC Protector. Your PC Protector is a rogue antispyware program.

How to remove: use these Your PC Protector removal instructions.

GuardWWW.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: GuardWWW
Filename: GuardWWW.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | GuardWWW

Command: C:\Program Files\GuardWWW Software\GuardWWW\GuardWWW.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [GuardWWW] C:\Program Files\GuardWWW Software\GuardWWW\GuardWWW.exe -min

DDS Line:

uRun: [GuardWWW] C:\Program Files\GuardWWW Software\GuardWWW\GuardWWW.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“GuardWWW”=C:\Program Files\GuardWWW Software\GuardWWW\GuardWWW.exe

Description: core component of GuardWWW. GuardWWW is a rogue antispyware program.

How to remove: use these GuardWWW removal instructions.

Antimalware Defender.dll is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: Antimalware Defender
Filename: Antimalware Defender.dll
Command: C:\Program Files\Antimalware Defender\Antimalware Defender.dll
Description: component of Antimalware Defender. Antimalware Defender is a rogue antispyware program.

How to remove: use these Antimalware Defender removal instructions.

Newsoftspot.microsoft.com is a malicious website

The site was created to spread Antivirus Soft. If your browser is redirected to Newsoftspot.microsoft.com, then you should immediately check your PC using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Site addess: Newsoftspot.microsoft.com
Description: Newsoftspot.microsoft.com is not related with Microsoft company and can only be seen on infected computers. The site used to promote the rogue antispyware program called Antivirus Soft.

How to remove: use these Antivirus Soft removal instructions in order to remove this infection.

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: [random]sysguard
Filename: [random]sysguard.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | [random]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | [random]

Command: %UserProfile%\Local Settings\Application Data\[random]\[random]sysguard.exe
Startup Type: HKLM->Run, HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [random] C:\Documents and Settings\user\Local Settings\Application Data\[random]\[random]sysguard.exe
O4 – HKCU\..\Run: [random] C:\Documents and Settings\user\Local Settings\Application Data\[random]\[random]sysguard.exe

DDS Line:

mRun: [random] C:\Documents and Settings\user\Local Settings\Application Data\[random]\[random]sysguard.exe
uRun: [random] C:\Documents and Settings\user\Local Settings\Application Data\[random]\[random]sysguard.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“[random]“=C:\Documents and Settings\user\Local Settings\Application Data\[random]\[random]sysguard.exe
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“[random]“=C:\Documents and Settings\user\Local Settings\Application Data\[random]\[random]sysguard.exe

Description: core part of Antivirus Soft. Antivirus Soft is a rogue antispyware program.

How to remove: use these Antivirus Soft removal instructions.

MyPcSecure.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: MyPcSecure
Filename: MyPcSecure.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | MyPcSecure

Command: C:\Program Files\MyPcSecure Software\MyPcSecure\MyPcSecure.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [MyPcSecure] C:\Program Files\MyPcSecure Software\MyPcSecure\MyPcSecure.exe -min

DDS Line:

uRun: [MyPcSecure] C:\Program Files\MyPcSecure Software\MyPcSecure\MyPcSecure.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“MyPcSecure”=C:\Program Files\MyPcSecure Software\MyPcSecure\MyPcSecure.exe

Description: core part of MyPcSecure. MyPcSecure is a rogue antispyware program.

How to remove: use these MyPcSecure removal instructions.

Antivir.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: Antivir
Filename: Antivir.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | AV

Command: C:\Program Files\AV\Antivir.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [AV] C:\Program Files\AV\Antivir.exe

DDS Line:

uRun: [AV] C:\Program Files\AV\Antivir.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“AV”=C:\Program Files\AV\Antivir.exe

Description: core component of Antivir 2010. Antivir 2010 is a rogue antispyware program.

How to remove: use these Antivir 2010 removal instructions.

av.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: av
Filename: av.exe
Registry key:

HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = “%UserProfile%\Local Settings\Application Data\av.exe” /START “%1” %*
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | @ = “%UserProfile%\Local Settings\Application Data\av.exe” /START “%1” %*
HKEY_CLASSES_ROOT\.exe\shell\open\command | @= “%UserProfile%\Local Settings\Application Data\av.exe” /START “%1” %*
HKEY_CLASSES_ROOT\secfile\shell\open\command | @ = “%UserProfile%\Local Settings\Application Data\av.exe” /START “%1” %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command | @ = “%UserProfile%\Local Settings\Application Data\av.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command | @ = “%UserProfile%\Local Settings\Application Data\av.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe” -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command | @ = “%UserProfile%\Local Settings\Application Data\av.exe” /START “C:\Program Files\Internet Explorer\iexplore.exe”

Command: %UserProfile%\Local Settings\Application Data\av.exe
Startup Type: File associations
Description: core component of Vista Guardian, Antivirus Vista 2010, Vista Antispyware 2010, Vista Antivirus Pro, Vista Internet Security 2010

How to remove: use these Vista Guardian, Antivirus Vista 2010, Vista Antispyware 2010, Vista Antivirus Pro, Vista Internet Security 2010 removal instructions.