HT Logs. Tips, FAQs, Analyze.

helper32.dll is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: helper32
Filename: helper32.dll
Command: c:\windows\system32\helper32.dll
Startup Type: LSP
HijackThis Category: O10
HijackThis Line:

O10 – Unknown file in Winsock LSP: c:\windows\system32\helper32.dll

DDS Line:

LSP: c:\windows\system32\helper32.dll

Description: component of trojan FakeAlert

How to remove: use these helper32.dll removal instructions.

winlogon32.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: winlogon32
Filename: winlogon32.exe
Registry key|value:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Userinit = “C:\WINDOWS\system32\winlogon32.exe”

Command: C:\WINDOWS\system32\winlogon32.exe
Startup Type: WinLogon->UserInit
HijackThis Category: F2
HijackThis Line:

F2 – REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe

Description: component of trojan FakeAlert

How to remove: use these winlogon32.exe removal instructions.

smss32.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: smss32
Filename: smss32.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | smss32.exe

Command: c:\windows\system32\smss32.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe

DDS Line:

mRun: [smss32.exe] c:\windows\system32\smss32.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“smss32.exe”=c:\windows\system32\smss32.exe

Description: component of trojan FakeAlert.

How to remove: use these smss32.exe removal instructions.

APcDefender.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: APcDefender
Filename: APcDefender.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | APcDefender

Command: C:\Program Files\APcDefender Software\APcDefender\APcDefender.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [APcDefender] C:\Program Files\APcDefender Software\APcDefender\APcDefender.exe -min

DDS Line:

mRun: [APcDefender] C:\Program Files\APcDefender Software\APcDefender\APcDefender.exe -min

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“APcDefender”=C:\Program Files\APcDefender Software\APcDefender\APcDefender.exe -min

Description: core part of APcDefender. APcDefender is a rogue antispyware program.

How to remove: use these APcDefender removal instructions.

PCprotectar.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: PCprotectar
Filename: PCprotectar.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | PCprotectar.exe

Command: C:\Program Files\PCprotectar Software\PCprotectar\PCprotectar.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [PCprotectar.exe] C:\Program Files\PCprotectar Software\PCprotectar\PCprotectar.exe

DDS Line:

uRun: [PCprotectar.exe] C:\Program Files\PCprotectar Software\PCprotectar\PCprotectar.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“PCprotectar.exe”=C:\Program Files\PCprotectar Software\PCprotectar\PCprotectar.exe

Description: core part of PCprotectar. PCprotectar is a rogue antispyware program.

How to remove: use these PCprotectar removal instructions.

PCLiveGuard.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: PCLiveGuard
Filename: PCLiveGuard.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | PCLG

Command: C:\Documents and Settings\All Users\Application Data\[random]\PCLiveGuard.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [PCLG] C:\Documents and Settings\All Users\Application Data\[random]\PCLiveGuard.exe

DDS Line:

uRun: [PCLG] C:\Documents and Settings\All Users\Application Data\[random]\PCLiveGuard.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“PCLG”=C:\Documents and Settings\All Users\Application Data\[random]\PCLiveGuard.exe

Description: core component of PC Live Guard. PC Live Guard is a rogue antispyware program.

How to remove: use HijackThis + these PC Live Guard removal instructions.

sr882388.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: sr882388
Filename: sr882388.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | ttool

Command: C:\Windows\sr882388.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [ttool] C:\Windows\sr882388.exe

DDS Line:

uRun: [ttool] C:\Windows\sr882388.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“ttool”=C:\Windows\sr882388.exe

Description: trojan agent

How to remove: use HijackThis + Kaspersky virus removal tool

PcsProtector.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: PcsProtector
Filename: PcsProtector.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | PcsProtector

Command: C:\Program Files\PcsProtector Software\PcsProtector\PcsProtector.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [PcsProtector] C:\Program Files\PcsProtector Software\PcsProtector\PcsProtector.exe -min

DDS Line:

mRun: [PcsProtector] C:\Program Files\PcsProtector Software\PcsProtector\PcsProtector.exe -min

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“PcsProtector”=C:\Program Files\PcsProtector Software\PcsProtector\PcsProtector.exe -min

Description: core component of PcsProtector. PcsProtector is a rogue antispyware program.

How to remove: use these PcsProtector removal instructions.

settdebugx.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: settdebugx
Filename: settdebugx.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | settdebugx.exe

Command: %Temp%\settdebugx.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [settdebugx.exe] C:\DOCUME~1\user\LOCALS~1\Temp\settdebugx.exe

DDS Line:

uRun: [settdebugx.exe] C:\DOCUME~1\user\LOCALS~1\Temp\settdebugx.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“settdebugx.exe”=C:\DOCUME~1\user\LOCALS~1\Temp\settdebugx.exe

Description: variant of trojan FakeAlert

How to remove: use these settdebugx.exe removal instructions.

avpc2009.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: avpc2009.exe
Filename: avpc2009.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Antivirus PC 2009
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Antivirus PC 2009

Command: C:\Program Files\Antivirus PC 2009\avpc2009.exe
Startup Type: HKLM->Run, HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [Antivirus PC 2009] cmd /C cd “C:\Program Files\Antivirus PC 2009” && start avpc2009.exe
O4 – HKCU\..\Run: [Antivirus PC 2009] cmd /C cd “C:\Program Files\Antivirus PC 2009” && start avpc2009.exe

DDS Line:

mRun: [Antivirus PC 2009] cmd /C cd C:\Program Files\Antivirus PC 2009 && start avpc2009.exe
uRun: [Antivirus PC 2009] cmd /C cd C:\Program Files\Antivirus PC 2009 && start avpc2009.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“Antivirus PC 2009″=cmd /C cd C:\Program Files\Antivirus PC 2009 && start avpc2009.exe
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“Antivirus PC 2009″=cmd /C cd C:\Program Files\Antivirus PC 2009 && start avpc2009.exe

Description: core part of Antivirus PC 2009. Antivirus PC 2009 is a rogue antispyware program.

How to remove: use these Antivirus PC 2009 removal instructions.