February 3rd, 2010 O4, Rogue Antispyware/Antivirus, Run
GuardWWW.exe is a harmful program.
Name: GuardWWW
Filename: GuardWWW.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | GuardWWW
Command: C:\Program Files\GuardWWW Software\GuardWWW\GuardWWW.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [GuardWWW] C:\Program Files\GuardWWW Software\GuardWWW\GuardWWW.exe -min
DDS Line:
uRun: [GuardWWW] C:\Program Files\GuardWWW Software\GuardWWW\GuardWWW.exe
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"GuardWWW"=C:\Program Files\GuardWWW Software\GuardWWW\GuardWWW.exe
Description: core component of GuardWWW. GuardWWW is a rogue antispyware program.
How to remove: use these GuardWWW removal instructions.
February 2nd, 2010 Rogue Antispyware/Antivirus
Antimalware Defender.dll is a harmful program.
Name: Antimalware Defender
Filename: Antimalware Defender.dll
Command: C:\Program Files\Antimalware Defender\Antimalware Defender.dll
Description: component of Antimalware Defender. Antimalware Defender is a rogue antispyware program.
How to remove: use these Antimalware Defender removal instructions.
January 30th, 2010 Rogue Antispyware/Antivirus
Newsoftspot.microsoft.com is a malicious website
The site was created to spread Antivirus Soft. If your browser is redirected to Newsoftspot.microsoft.com, then you should immediately check your PC using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.
Site address: Newsoftspot.microsoft.com
Description: Newsoftspot.microsoft.com is not related to Microsoft and can only be seen on infected computers. The site is used to promote the rogue antispyware program called Antivirus Soft.
How to remove: use these Antivirus Soft removal instructions in order to remove this infection.
January 30th, 2010 O4, Rogue Antispyware/Antivirus, Run
This is a harmful program.
Name: [random]sysguard
Filename: [random]sysguard.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | [random]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | [random]
Command: %UserProfile%\Local Settings\Application Data\[random]\[random]sysguard.exe
Startup Type: HKLM->Run, HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [random] C:\Documents and Settings\user\Local Settings\Application Data\[random]\[random]sysguard.exe
O4 - HKCU\..\Run: [random] C:\Documents and Settings\user\Local Settings\Application Data\[random]\[random]sysguard.exe
DDS Line:
mRun: [random] C:\Documents and Settings\user\Local Settings\Application Data\[random]\[random]sysguard.exe
uRun: [random] C:\Documents and Settings\user\Local Settings\Application Data\[random]\[random]sysguard.exe
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"[random]"=C:\Documents and Settings\user\Local Settings\Application Data\[random]\[random]sysguard.exe
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"[random]"=C:\Documents and Settings\user\Local Settings\Application Data\[random]\[random]sysguard.exe
Description: core part of Antivirus Soft. Antivirus Soft is a rogue antispyware program.
How to remove: use these Antivirus Soft removal instructions.
January 30th, 2010 O4, Run, Trojan
extrac64_cab.exe is a harmful program.
Name: extrac64_cab
Filename: extrac64_cab.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | extrac64_cab.exe
Command: %UserProfile%\temp\extrac64_cab.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [extrac64_cab.exe] C:\DOCUME~1\user\LOCALS~1\Temp\extrac64_cab.exe
DDS Line:
uRun: [extrac64_cab.exe] c:\dokume~1\user\lokale~1\temp\extrac64_cab.exe
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"extrac64_cab.exe"=c:\dokume~1\user\lokale~1\temp\extrac64_cab.exe
Description: new variant of the cls_pack.exe trojan. It is also known as HeurEngine.MaliciousPacker [PCTools], Packed.Generic.277 [Symantec], Trojan-Downloader.Win32.FraudLoad.wxry [Kaspersky Lab], Mal/Generic-A [Sophos], Trojan-Downloader.Win32.FraudLoad [Ikarus]
How to remove: use these extrac64_cab.exe removal instructions.
January 30th, 2010 O4, Rogue Antispyware/Antivirus, Run
MyPcSecure.exe is a harmful program.
Name: MyPcSecure
Filename: MyPcSecure.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | MyPcSecure
Command: C:\Program Files\MyPcSecure Software\MyPcSecure\MyPcSecure.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [MyPcSecure] C:\Program Files\MyPcSecure Software\MyPcSecure\MyPcSecure.exe -min
DDS Line:
uRun: [MyPcSecure] C:\Program Files\MyPcSecure Software\MyPcSecure\MyPcSecure.exe
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MyPcSecure"=C:\Program Files\MyPcSecure Software\MyPcSecure\MyPcSecure.exe
Description: core part of MyPcSecure. MyPcSecure is a rogue antispyware program.
How to remove: use these MyPcSecure removal instructions.
January 29th, 2010 AppInit DLLs, CrntDLL, O20, Trojan
0021.DLL is a harmful program.
Name: 0021
Filename: 0021.DLL
Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | CrntDLL
Command: C:\WINDOWS\system32\0021.DLL
Startup Type: AppInit_DLLs + CrntDLL
HijackThis Category: O20
HijackThis Line:
O20 - AppInit_DLLs: C:\WINDOWS\system32\0021.DLL
DDS Line:
AppInit_DLLs: C:\WINDOWS\system32\0021.DLL
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\0021.DLL"
Description: trojan also known as Trojan-Spy.Win32.Delf.hvj [Kaspersky Lab], BackDoor-BAC [McAfee], Troj/Bckdr-RAP [Sophos], Trojan:Win32/Witkinat.A [Microsoft]
How to remove: use HijackThis + Malwarebytes' Anti-Malware + Kaspersky virus removal tool
January 29th, 2010 AppInit DLLs, CrntDLL, O20, Trojan
0020.DLL is a harmful program.
Name: 0020
Filename: 0020.DLL
Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | CrntDLL
Command: C:\WINDOWS\system32\0020.DLL
Startup Type: AppInit_DLLs + CrntDLL
HijackThis Category: O20
HijackThis Line:
O20 - AppInit_DLLs: C:\WINDOWS\system32\0020.DLL
DDS Line:
AppInit_DLLs: C:\WINDOWS\system32\0020.DLL
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\0020.DLL"
Description: trojan also known as Trojan-Spy.Win32.Delf.hvj [Kaspersky Lab], BackDoor-BAC [McAfee], Troj/Bckdr-RAP [Sophos], Trojan:Win32/Witkinat.A [Microsoft]
How to remove: use HijackThis + Malwarebytes' Anti-Malware + Kaspersky virus removal tool
January 29th, 2010 AppInit DLLs, O20, Trojan
0019.DLL is a harmful program.
Name: 0019
Filename: 0019.DLL
Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLS
Command: C:\WINDOWS\system32\0019.DLL
Startup Type: AppInit_DLLs
HijackThis Category: O20
HijackThis Line:
O20 - AppInit_DLLs: C:\WINDOWS\system32\0019.DLL
DDS Line:
AppInit_DLLs: C:\WINDOWS\system32\0019.DLL
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\0019.DLL"
Description: trojan agent
How to remove: use HijackThis + Malwarebytes' Anti-Malware + Kaspersky virus removal tool
January 29th, 2010 O4, Rogue Antispyware/Antivirus, Run
Antivir.exe is a harmful program.
Name: Antivir
Filename: Antivir.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | AV
Command: C:\Program Files\AV\Antivir.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [AV] C:\Program Files\AV\Antivir.exe
DDS Line:
uRun: [AV] C:\Program Files\AV\Antivir.exe
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AV"=C:\Program Files\AV\Antivir.exe
Description: core component of Antivir 2010. Antivir 2010 is a rogue antispyware program.
How to remove: use these Antivir 2010 removal instructions.