HT Logs. Tips, FAQs, Analyze.

WinESuite.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: WinESuite
Filename: WinESuite.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | WES

Command: C:\Documents and Settings\All Users\Application Data\1817442\WinESuite.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [WES] “C:\Documents and Settings\All Users\Application Data\1817442\WinESuite.exe” /s

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“WES”=C:\Documents and Settings\All Users\Application Data\1817442\WinESuite.exe /s

Description: component of Enterprise Suite. Enterprise Suite is a rogue antispyware program.

How to remove: use these Enterprise Suite removal instructions.

personalprotector.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: personalprotector
Filename: personalprotector.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | personalprotector

Command: C:\Program Files\Personal Protector\personalprotector.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [personalprotector] C:\Program Files\Personal Protector\personalprotector.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“personalprotector”=C:\Program Files\Personal Protector\personalprotector.exe [2009-11-17 1012736]

Description: core part of Personal Protector. Personal Protector is a rogue antispyware program.

How to remove: use these Personal Protector removal instructions.

cc.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: cc
Filename: cc.exe
Registry key:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell

Command: %UserProfile%\Application Data\CC\cc.exe
Startup Type: Winlogon\Shell
MalwareBytes Anti-malware shows this infection:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (C:\Documents and Settings\user\Application Data\CC\cc.exe) Good: (Explorer.exe)

Description: part of Control Center. Control Center is a fake Windows optimization application.

How to remove: use these Control Center removal instructions.

LinkSafeness.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: LinkSafeness
Filename: LinkSafeness.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | LinkSafeness

Command: C:\Program Files\LinkSafeness Software\LinkSafeness\LinkSafeness.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [LinkSafeness] C:\Program Files\LinkSafeness Software\LinkSafeness\LinkSafeness.exe -min

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“LinkSafeness”=C:\Program Files\LinkSafeness Software\LinkSafeness\LinkSafeness.exe [2009-11-17 1634304]

Description: core file of LinkSafeness. LinkSafeness is a fake security program also known as rogue antispyware.

How to remove: use these LinkSafeness removal instructions.

iewarningsite.com is a malicious website

The site was created to spread Alpha Antivirus. If your browser is redirected to iewarningsite.com, then you should immediately check your PC using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

IP Address: 94.102.58.252
Site addess: iewarningsite.com
Description: The site used to promote the rogue antispyware program called Alpha Antivirus.

How to remove: use these Alpha Antivirus removal instructions in order to remove this infection.

awareremover2009.microsoft.com is a malicious website

The site was created to spread Antivirus System Pro. If your browser is redirected to awareremover2009.microsoft.com, then you should immediately check your PC using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

IP Address: 91.212.127.227
Site addess: awareremover2009.microsoft.com
HijackThis Category: O1
HijackThis Line:

O1 – Hosts: 91.212.127.227 awareremover2009.microsoft.com

Description: awareremover2009.microsoft.com is not related with Microsoft company and can only be seen on infected computers. The site used to promote the rogue antispyware program called Antivirus System Pro.

How to remove: use these Antivirus System Pro removal instructions in order to remove this infection.

AntiAID.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: AntiAID
Filename: AntiAID.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | AntiAID

Command: C:\Program Files\AntiAID Software\AntiAID\AntiAID.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [AntiAID] C:\Program Files\AntiAID Software\AntiAID\AntiAID.exe -min

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“AntiAID”=C:\Program Files\AntiAID Software\AntiAID\AntiAID.exe [2009-11-12 1634304]

Description: core part of AntiAID. AntiAID is a rogue antispyware program from WiniGuard scareware family.

How to remove: use these AntiAID removal instructions.

Osawarepro2009.microsoft.com is a malicious website

The site was created to spread Antivirus System Pro. If your browser is redirected to Osawarepro2009.microsoft.com, then you should immediately check your PC using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

IP Address: 91.212.127.227
Site addess: Osawarepro2009.microsoft.com
HijackThis Category:
HijackThis Line:

O1 – Hosts: 91.212.127.227 osawarepro2009.microsoft.com

Description: Osawarepro2009.microsoft.com is not related with Microsoft company and can only be seen on infected computers. The site used to promote the rogue antispyware program called Antivirus System Pro.

How to remove: use these Antivirus System Pro removal instructions in order to remove this infection.

SystemWarrior.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: SystemWarrior
Filename: SystemWarrior.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | SystemWarrior

Command: C:\Program Files\SystemWarrior Software\SystemWarrior\SystemWarrior.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [SystemWarrior] “C:\Program Files\SystemWarrior Software\SystemWarrior\SystemWarrior.exe” -min

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“SystemWarrior”=C:\Program Files\SystemWarrior Software\SystemWarrior\SystemWarrior.exe [2009-11-11 742400]

Description: core part of SystemWarrior. SystemWarrior is a rogue antispyware program.

How to remove: use these SystemWarrior removal instructions.

antimalware.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: antimalware
Filename: antimalware.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | AntiMalware

Command: C:\Program Files\AntiMalware\antimalware.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [AntiMalware] “C:\Program Files\AntiMalware\antimalware.exe” -noscan

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“AntiMalware”=C:\Program Files\AntiMalware\antimalware.exe [2009-11-10 1572864]

Description: core component of AntiMalware. AntiMalware is a rogue antispyware program.

How to remove: use these AntiMalware removal instructions.