May 7th, 2009 
BHO, O4, Rogue Antispyware/Antivirus
This is a harmful program.
Name: pav
Filename: pav.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | PAV
Command: c:\program files\pav\pav.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 – HKLM\..\Run: [PAV] c:\program files\pav\pav.exe
Description: main file of Personal Antivirus (rogue antispyware program)
How to remove: use these instructions How to remove Personal Antivirus
May 7th, 2009 BHO, O2, Rogue Antispyware/Antivirus, Trojan
This is a harmful program.
Name: winexplorer
Filename: winexplorer.dll
Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2e59498d-7e44-4452-9044-0973b080b9e8}
Command: C:\WINDOWS\system32\winexplorer.dll
CLSID: {2e59498d-7e44-4452-9044-0973b080b9e8}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:
O2 – BHO: (no name) – {2e59498d-7e44-4452-9044-0973b080b9e8} – C:\WINDOWS\system32\winexplorer.dll
Description: winexplorer.dll is trojan bho, installed with Personal Antivirus (rogue antispyware program)
How to remove: use Use HijackThis + use Use Malwarebytes Antimalware
May 4th, 2009 O4, Rogue Antispyware/Antivirus, Run
This is a harmful program.
Name: agent
Filename: agent.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | agent.exe
Command: C:\Program Files\PCenter\agent.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 – HKCU\..\Run: [agent.exe] C:\Program Files\PCenter\agent.exe
Description: component of Privacy Center (rogue privacy program)
How to remove: use the instructions How to remove Privacy Center
May 4th, 2009 O4, Rogue Antispyware/Antivirus, Run
This is a harmful program.
Name: spywareguard
Filename: spywareguard.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | spywareguard
Command: c:\program files\spyware guard 2009\spywareguard.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 – HKLM\..\Run: [spywareguard] c:\program files\spyware guard 2009\spywareguard.exe
Description: main file of Spyware Guard 2009 (rogue antispyware program)
How to remove: use these instructions How to remove Spyware Guard 2009
May 2nd, 2009 Driver, Rootkit, Trojan
This is a harmful program.
Name: Msqpdxserv
Filename: Msqpdxserv.sys
Registry key:
HKEY_LOCAL_MACHINE\System\Controlset001\Enum\legacy_msqpdxserv.sys
Startup Type: hidden driver
Description: Trojan msqpdxserv.sys blocks user access to security websites, web pages have a “VIMAX” ad, Google, Yahoo, MSN search results redirect you to other non related sites. Also trojan msqpdxserv.sys trojan changes the DNS server to 85.255.115.x or 85.255.112.x
How to remove: use these instructions How to remove msqpdxserv.sys trojan
May 2nd, 2009 O4, Rogue Antispyware/Antivirus, Run
This is a harmful program.
Name: VDoca582
Filename: VDoca582.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Virus Doctor
Command: C:\Documents and Settings\All Users\Application Data\927e\VDoca582.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 – HKCU\..\Run: [Virus Doctor] “C:\Documents and Settings\All Users\Application Data\927e\VDoca582.exe” /s /d
Description: main file of Virus Doctor (rogue antivirus program)
How to remove: use the instructions How to remove Virus Doctor
May 1st, 2009 O4, Rogue Antispyware/Antivirus, Run
This is a harmful program.
Name: TotalVirusProtection
Filename: TotalVirusProtection.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Total Virus Protection
Command: C:\Program Files\TotalVirusProtection\TotalVirusProtection.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 – HKLM\..\Run: [Total Virus Protection] C:\Program Files\TotalVirusProtection\TotalVirusProtection.exe
Description: main file of Total Virus Protection (rogue antispyware program)
How to remove: use the instructions How to remove Total Virus Protection (Delete instructions)
April 30th, 2009 LSP, O10, Rogue Antispyware/Antivirus
This is a harmful program.
Name: firewall
Filename: firewall.dll
Command: c:\program files\coreguard antivirus 2009\firewall.dll
Startup Type: Winsock LSP
HijackThis Category: O10
HijackThis Line:
O10 – Unknown file in Winsock LSP: c:\program files\coreguard antivirus 2009\firewall.dll
Description: component of CoreGuard Antivirus 2009
How to remove: use the instructions How to remove CoreGuard Antivirus 2009 (Uninstall instructions)
April 30th, 2009 O4, Rogue Antispyware/Antivirus, Run
This is a harmful program.
Name: Coreguard 2009
Filename: Coreguard 2009.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Coreguard Antivirus 2009
Command: C:\Program Files\Coreguard Antivirus 2009\Coreguard 2009.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 – HKCU\..\Run: [Coreguard Antivirus 2009] C:\Program Files\Coreguard Antivirus 2009\Coreguard 2009.exe
Description: main file of CoreGuard Antivirus 2009 (rogue antivirus/antispyware program)
How to remove: use the instructions How to remove CoreGuard Antivirus 2009 (Uninstall instructions)
April 30th, 2009 O4, Rogue Antispyware/Antivirus, Run
This is a harmful program.
Name: pcam
Filename: pcam.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | PCAntiMalware
Command: c:\program files\pcantimalware\pcam.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 – HKLM\..\Run: [PCAntiMalware] “c:\program files\pcantimalware\pcam.exe” /min
Description: main file of PCAntiMalware (rogue antispyware program)
How to remove: use the instructions How to remove PCAntiMalware (Uninstall Guide)
