HT Logs. Tips, FAQs, Analyze.

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: WIf5bc
Filename: WIf5bc.exe (uses random names)
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Windows Security Suite

Command: C:\Documents and Settings\All Users\Application Data\f5bc4e8\WIf5bc.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [Windows Security Suite] “C:\Documents and Settings\All Users\Application Data\f5bc4e8\WIf5bc.exe” /s /d

Description: main file of Windows Security Suite (rogue antispyware program)

How to remove: use these Windows Security Suite removal instructions

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: ddrawx
Filename: ddrawx.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0B014B81-4E12-46F9-806F-55867AF8FD3C}

Command: C:\WINDOWS\system32\ddrawx.dll
CLSID: {0B014B81-4E12-46F9-806F-55867AF8FD3C}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:

O2 – BHO: & – {0B014B81-4E12-46F9-806F-55867AF8FD3C} – C:\WINDOWS\system32\ddrawx.dll

Description: BHO component of USAntiSpy (rogue antispyware program)

How to remove: use Malwarebytes Antimalware

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: usa
Filename: usa.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | USA

Command: C:\Program Files\USA\usa.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [USA] C:\Program Files\USA\usa.exe

Description: main file of USAntiSpy (rogue antispyware program)

How to remove: use Malwarebytes Antimalware

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: AntiMalware_Pro
Filename: AntiMalware_Pro.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | AntiMalware_ProNET

Command: C:\Program Files\AntiMalware_Pro\AntiMalware_Pro.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [AntiMalware_ProNET] C:\Program Files\AntiMalware_Pro\AntiMalware_Pro.exe

Description: main file of AntiMalwarePro (rogue antispyware application)

How to remove: use Malwarebytes Antimalware

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: Installer
Filename: Installer.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | AntivirusBEST

Command: C:\Documents and Settings\All Users\Application Data\AB\Installer.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [AntivirusBEST] C:\Documents and Settings\All Users\Application Data\AB\Installer.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“AntivirusBEST”=C:\Documents and Settings\All Users\Application Data\AB\Installer.exe [2009-06-26 78848]

Description: main file of AntivirusBEST (rogue antispyware program)

How to remove: use these AntivirusBEST removal instructions

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: SysShield
Filename: SysShield.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Windows applications server

Command: C:\WINDOWS\system32\SysShield.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [Windows applications server] C:\WINDOWS\system32\SysShield.exe

Description: component of Antivirus Protection (rogue antivirus/antispyware program)

How to remove: use these Antivirus Protection removal instructions

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: AVP
Filename: AVP.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | AntiVirus Protection

Command: C:\Program Files\AntiVirus Protection\AVP.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [AntiVirus Protection] C:\Program Files\AntiVirus Protection\AVP.exe

Description: main file of Antivirus Protection (rogue antivirus/antispyware program)

How to remove: use these Antivirus Protection removal instructions

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: MD[random]
Filename: MD[random].exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Malware Destructor 2009

Command: C:\Documents and Settings\All Users\Application Data\f5bc4e8\MDf5bc.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [Malware Destructor 2009] “C:\Documents and Settings\All Users\Application Data\f5bc4e8\MDf5bc.exe” /s /d

Description: main file of Malware Destructor 2009 (rogue antispyware program). Uses random file names for hide itself.

How to remove: use these Malware Destructor 2009 removal instructions

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: virusremover
Filename: virusremover.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Virus Remover Profesional

Command: %ProgramFiles%\Virus Remover Professional\virusremover.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [Virus Remover Profesional] C:\Program Files\Virus Remover Professional\virusremover.exe

Description: main file of Virus Remover Profesional (rogue antvirus/antispyware program)

How to remove: use Malwarebytes Antimalware

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: psystem
Filename: psystem.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Protection System

Command: C:\Program Files\Protection System\psystem.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [Protection System] C:\Program Files\Protection System\psystem.exe

Description: main file of Protection System (rogue antispyware program)

How to remove: use Malwarebytes Antimalware