ava.exe is the main file of AV Antispyware

April 21st, 2009 O4, Rogue Antispyware/Antivirus, Run

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: ava
Filename: ava.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | AV AntiSpyware

Command: C:\Documents and Settings\All Users\Application Data\LastSun Ltd\AV AntiSpyware\ava.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [AV AntiSpyware] "C:\Documents and Settings\All Users\Application Data\LastSun Ltd\AV AntiSpyware\ava.exe" /autorun

Description: main file of AV Antispyware (rogue antispyware)

How to remove: follow the instructions in "How to remove AV Antispyware (Uninstall instructions)".

WiniBlueSoft.exe is the main file of WiniBlueSoft

April 21st, 2009 O4, Rogue Antispyware/Antivirus, Run

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: WiniBlueSoft
Filename: WiniBlueSoft.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | WiniBlueSoft

Command: C:\Program Files\WiniBlueSoft Software\WiniBlueSoft\WiniBlueSoft.exe -min
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [WiniBlueSoft] C:\Program Files\WiniBlueSoft Software\WiniBlueSoft\WiniBlueSoft.exe -min

Description: main file of WiniBlueSoft (rogue antispyware program)

How to remove: follow the instructions in "How to remove WiniBlueSoft (Uninstall instructions)".

eewhptdpyl.dll is a component of System Guard 2009

April 16th, 2009 O21, Rogue Antispyware/Antivirus, ShellServiceObjectDelayLoad

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: eewhptdpyl
Filename: eewhptdpyl.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | InternetConnection

Command: C:\Documents and Settings\All Users\Application Data\Microsoft\Network\DLLs\eewhptdpyl.dll
CLSID: {AB6DAA8C-F726-4FDD-8B06-9537C5878612}
Startup Type: ShellServiceObjectDelayLoad
HijackThis Category: O21
HijackThis Line:

O21 - SSODL: InternetConnection - {AB6DAA8C-F726-4FDD-8B06-9537C5878612} - C:\Documents and Settings\All Users\Application Data\Microsoft\Network\DLLs\eewhptdpyl.dll

Description: component of System Guard 2009

How to remove: follow the instructions in "How to remove System Guard 2009 (Delete instructions)".

VSweep.exe is the main file of Virus Sweeper

April 14th, 2009 O4, Rogue Antispyware/Antivirus, Run

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: VSweep
Filename: VSweep.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Virus Sweeper

Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [Virus Sweeper] "C:\Documents and Settings\All Users\Application Data\8a37\VSweep.exe" /s /d

Combofix/RSIT Line:

Description: main file of Virus Sweeper (rogue antispyware program)

How to remove: follow the instructions in "How to remove Virus Sweeper (Uninstall instructions)".

"DisableRegistryTools"=1, result of trojan activity

April 13th, 2009 Policies\System, Trojan

This is a signature of trojan activity.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name of trojan activity: DisableRegistryTools
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=1

Description: result of trojan activity

How to remove: Use Malwarebytes Antimalware

dbclent.dll is Trojan.Win32.Agent2.him

April 13th, 2009 Notification packages, Trojan

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: dbclent
Filename: dbclent.dll
Registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa | notification packages

Command: C:\WINDOWS\dbclent.dll
Startup Type: LSA->notification packages
Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
dbclent.dll

Description: Trojan.Win32.Agent2.him

How to remove: use Kaspersky virus removal tool

bwpbwvxxvw.dll is a trojan, component of rogue antispyware

March 31st, 2009 O21, Rogue Antispyware/Antivirus, ShellServiceObjectDelayLoad, Trojan

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: bwpbwvxxvw
Filename: bwpbwvxxvw.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | InternetConnection

Command: C:\ProgramData\Application Data\Microsoft\Internet Explorer\DLLs\bwpbwvxxvw.dll
CLSID: {D14F8945-CF96-4231-9FA7-4BC630D80D85}
Startup Type: ShellServiceObjectDelayLoad
HijackThis Category: O21
HijackThis Line:

O21 - SSODL: InternetConnection - {D14F8945-CF96-4231-9FA7-4BC630D80D85} - C:\ProgramData\Application Data\Microsoft\Internet Explorer\DLLs\bwpbwvxxvw.dll

Description: trojan, component of rogue antispyware

How to remove: Use HijackThis + Use Malwarebytes Antimalware

ieModule.dll is a trojan, component of rogue antispyware

March 31st, 2009 O21, Rogue Antispyware/Antivirus, ShellServiceObjectDelayLoad, Trojan

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: ieModule
Filename: ieModule.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | ieModule

Command: C:\ProgramData\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll
CLSID:

{92CA440D-C81C-4B72-89D0-D2B464E5678B}
{77C96E10-FDA7-4AA7-B318-0631C0D27DBB}

Startup Type: ShellServiceObjectDelayLoad
HijackThis Category: O21
HijackThis Line:

O21 - SSODL: ieModule - {92CA440D-C81C-4B72-89D0-D2B464E5678B} - C:\ProgramData\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll

Description: trojan, component of a few rogue antispyware programs

How to remove: Use HijackThis + Use Malwarebytes Antimalware

av2009.exe is malware, the main file of Antivirus 2009

March 31st, 2009 O4, Rogue Antispyware/Antivirus, Run

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: av2009
Filename: av2009.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | 50564483217104051363526518677900

Command: C:\Program Files\Antivirus 2009\av2009.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [50564483217104051363526518677900] C:\Program Files\Antivirus 2009\av2009.exe

Description: malware, main file of Antivirus 2009 (rogue antispyware)

How to remove: Use HijackThis + Use Malwarebytes Antimalware

awtuUNDT.dll is a trojan (Vundo)

March 31st, 2009 BHO, O2, Trojan

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: awtuUNDT
Filename: awtuUNDT.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DB248511-529D-4956-A291-1535CEDF9250}

Command: C:\Windows\system32\awtuUNDT.dll
CLSID: {DB248511-529D-4956-A291-1535CEDF9250}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:

O2 - BHO: (no name) - {DB248511-529D-4956-A291-1535CEDF9250} - C:\Windows\system32\awtuUNDT.dll

Description: Internet Explorer BHO module, trojan (Vundo)

How to remove: Use HijackThis + Use Malwarebytes Antimalware