HT Logs. Tips, FAQs, Analyze.

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: VShield
Filename: VShield.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Virus Shield 2009

Command: C:\Documents and Settings\All Users\Application Data\f5bc4e8\VShield.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [Virus Shield 2009] “C:\Documents and Settings\All Users\Application Data\f5bc4e8\VShield.exe” /s /d

Description: main file of Virus Shield 2009 – rogue antispyware program.

How to remove: use the instructions How to remove Virus Shield 2009 (Uninstall instructions)

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: sysguard
Filename: sysguard.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | system tool

Command: C:\WINDOWS\sysguard.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [system tool] C:\WINDOWS\sysguard.exe

Description: filename of main file of Spyware Protect 2009 and Antivirus System PRO. Both apps are rogue antispyware programs.

How to remove: use these Spyware Protect 2009 removal instructions or use these Antivirus System PRO removal instructions

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: iehelper
Filename: iehelper.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ABD42510-9B22-41cd-9DCD-8182A2D07C63}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}

Command: C:\WINDOWS\system32\iehelper.dll
CLSID:

{ABD42510-9B22-41cd-9DCD-8182A2D07C63}
{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}

Startup Type: BHO
HijackThis Category: O2
HijackThis Line:

O2 – BHO: BHO – {ABD42510-9B22-41cd-9DCD-8182A2D07C63} – C:\WINDOWS\system32\iehelper.dll
O2 – BHO: BHO – {BAD4551D-9B24-42cb-9BCD-818CA2DA7B63} – C:\WINDOWS\system32\iehelper.dll

Description: trojan bho, installed with Spyware Protect 2009 and Antivirus System PRO

How to remove: use HijackThis or use these Spyware Protect 2009 removal instructions or use these Antivirus System PRO removal instructions.

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: msas2009
Filename: msas2009.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | MS AntiSpyware 2009

Command: C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [MS AntiSpyware 2009] “C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe” /autorun

Description: main file MS Antispyware 2009 (rogue antispyware program)

How to remove: use the instructions How to remove MS Antispyware 2009

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: TDSSserv
Filename: TDSSserv.sys
Registry key:

HKEY_LOCAL_MACHINE\System\Controlset001\Enum\legacy_TDSSserv.sys

Startup Type: Hidden driver
Description: TDSSserv.sys is Trojan.TDSSserv also known as Trojan Backdoor.Tidserv that uses rootkit-specific techniques designed to hide itself.

How to remove: use the instructions How to remove trojan TDSSserv (TDSSserv.sys), clbdriver.sys and seneka.sys

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: AntivirusPro2009
Filename: AntivirusPro2009.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Antivirus Pro 2009

Command: C:\Program Files\AntivirusPro2009\AntivirusPro2009.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [Antivirus Pro 2009] “C:\Program Files\AntivirusPro2009\AntivirusPro2009.exe” /hide

Description: main file Antivirus Pro 2009 (rogue antispyware program)

How to remove: use the instructions How to remove Antivirus Pro 2009

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: RDPlatinumv5
Filename: RDPlatinumv5.exe
Command: C:\Program Files\Angle Interactive\RD Platinum v5.0\RDPlatinumv5.exe
Startup Type: Startup folder
HijackThis Category: O4
HijackThis Line:

O4 – Startup: RDPlatinum v5.lnk = C:\Program Files\Angle Interactive\RD Platinum v5.0\RDPlatinumv5.exe

Description: main file of Registry Defender (rogue registry cleaning program)

How to remove: use the instructions How to remove Registry Defender Platinum (Uninstall instructions)

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: tazeyubo
Filename: tazeyubo.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLS

Command: C:\WINDOWS\system32\tazeyubo.dll
Startup Type: AppInit DLLs
HijackThis Category: O20
HijackThis Line:

O20 – AppInit_DLLs: C:\WINDOWS\system32\tazeyubo.dll

Description: trojan Vundo component

How to remove: use the instructions How to remove Trojan Vundo

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: gadcom
Filename: gadcom.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | gadcom

Command: C:\Documents and Settings\user\Application Data\gadcom\gadcom.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [gadcom] “C:\Documents and Settings\user\Application Data\gadcom\gadcom.exe”

Description: trojan, installed with rogue antispyware programs and other malware

How to remove: use Malwarebytes Antimalware

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: AntivirusXP
Filename: AntivirusXP.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | AntivirusXP.exe

Command: C:\Program Files\AntivirusXP\AntivirusXP.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [AntivirusXP.exe] C:\Program Files\AntivirusXP\AntivirusXP.exe

Description: main file of Antivirus XP Pro (rogue antispyware program)

How to remove: use the instructions How to remove Antivirus XP Pro (Delete instructions)