Archive for March, 2009
Tuesday, March 31st, 2009
This is a harmful program.
Name: bwpbwvxxvw
Filename: bwpbwvxxvw.dll
Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | InternetConnection
Command: C:\ProgramData\Application Data\Microsoft\Internet Explorer\DLLs\bwpbwvxxvw.dll
CLSID: {D14F8945-CF96-4231-9FA7-4BC630D80D85}
Startup Type: ShellServiceObjectDelayLoad
HijackThis Category: O21
HijackThis Line:
O21 - SSODL: InternetConnection - {D14F8945-CF96-4231-9FA7-4BC630D80D85} - C:\ProgramData\Application Data\Microsoft\Internet Explorer\DLLs\bwpbwvxxvw.dll
Description: trojan, component of rogue antispyware
How to remove: Use HijackThis + Use Malwarebytes Antimalware
Posted in O21, Rogue Antispyware/Antivirus, ShellServiceObjectDelayLoad, Trojan
Tuesday, March 31st, 2009
This is a harmful program.
Name: ieModule
Filename: ieModule.dll
Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | ieModule
Command: C:\ProgramData\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll
CLSID:
{92CA440D-C81C-4B72-89D0-D2B464E5678B}
{77C96E10-FDA7-4AA7-B318-0631C0D27DBB}
Startup Type: ShellServiceObjectDelayLoad
HijackThis Category: O21
HijackThis Line:
O21 - SSODL: ieModule - {92CA440D-C81C-4B72-89D0-D2B464E5678B} - C:\ProgramData\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll
Description: trojan, component of a few rogue antispyware programs
How to remove: Use HijackThis + Use Malwarebytes Antimalware
Posted in O21, Rogue Antispyware/Antivirus, ShellServiceObjectDelayLoad, Trojan
Tuesday, March 31st, 2009
This is a harmful program.
Name: av2009
Filename: av2009.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | 50564483217104051363526518677900
Command: C:\Program Files\Antivirus 2009\av2009.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [50564483217104051363526518677900] C:\Program Files\Antivirus 2009\av2009.exe
Description: malware, main file of Antivirus 2009 (rogue antispyware)
How to remove: Use HijackThis + Use Malwarebytes Antimalware
Posted in O4, Rogue Antispyware/Antivirus, Run
Tuesday, March 31st, 2009
This is a harmful program.
Name: awtuUNDT
Filename: awtuUNDT.dll
Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DB248511-529D-4956-A291-1535CEDF9250}
Command: C:\Windows\system32\awtuUNDT.dll
CLSID: {DB248511-529D-4956-A291-1535CEDF9250}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:
O2 - BHO: (no name) - {DB248511-529D-4956-A291-1535CEDF9250} - C:\Windows\system32\awtuUNDT.dll
Description: Internet Explorer BHO module, trojan (Vundo)
How to remove: Use HijackThis + Use Malwarebytes Antimalware
Posted in BHO, O2, Trojan
Monday, March 30th, 2009
This is a harmful program.
Name: N1i
Filename: N1i.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Drive
Command: C:\Documents and Settings\All Users\Application Data\N1\N1i.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [Drive] C:\Documents and Settings\All Users\Application Data\N1\N1i.exe
Description: main file of Anti-virus number 1 (rogue antispyware program)
How to remove: Use HijackThis + Use Malwarebytes Antimalware
Posted in O4, Rogue Antispyware/Antivirus, Run
Monday, March 30th, 2009
This is a harmful program.
Name: svchost
Filename: svchost.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | SVCHOST.EXE
Command: C:\WINDOWS\System32\drivers\svchost.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\System32\drivers\svchost.exe
Description: trojan (FakeAlert family). The file name mimics the Windows service host, but the location gives it away: the genuine svchost.exe lives in C:\WINDOWS\System32, is started by services.exe, and is never launched from a Run key or from the System32\drivers folder.
How to remove: Use HijackThis + Use Malwarebytes Antimalware
Posted in O4, Run, Trojan
Monday, March 30th, 2009
This is a harmful program.
Name: vitamine
Filename: vitamine.dll
Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | CPMfbaed640
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | SSODL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler | {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}
Command: c:\windows\system32\vitamine.dll
CLSID: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}
Startup Type: HKLM->Run, AppInit DLL, SSODL, SharedTaskScheduler
HijackThis Category: O4, O20, O21, O22
HijackThis Line:
O4 - HKLM\..\Run: [CPMfbaed640] Rundll32.exe "c:\windows\system32\vitamine.dll",a
O20 - AppInit_DLLs: c:\windows\system32\vitamine.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\vitamine.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\vitamine.dll
Description: trojan (Vundo)
How to remove: Use HijackThis + Use Malwarebytes Antimalware
Posted in AppInit DLLs, O20, O21, O22, O4, Run, SharedTaskScheduler, ShellServiceObjectDelayLoad, Trojan
Monday, March 30th, 2009
This is a harmful program.
Name: higudivo
Filename: higudivo.dll
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | wawusavasi
Command: C:\WINDOWS\System32\higudivo.dll
Startup Type: HKLM->Run (the same value is also present in the LOCAL SERVICE and NETWORK SERVICE user hives, HKU\S-1-5-19 and HKU\S-1-5-20)
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [wawusavasi] Rundll32.exe "C:\WINDOWS\System32\higudivo.dll",s
O4 - HKUS\S-1-5-19\..\Run: [wawusavasi] Rundll32.exe "C:\WINDOWS\System32\higudivo.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [wawusavasi] Rundll32.exe "C:\WINDOWS\System32\higudivo.dll",s (User 'NETWORK SERVICE')
Description: component of trojan Vundo
How to remove: Use HijackThis + Use Malwarebytes Antimalware
Posted in O4, Run, Trojan
Monday, March 30th, 2009
This is a harmful program.
Name: zenonabi
Filename: zenonabi.dll
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | f89de5dc
Command: C:\WINDOWS\System32\zenonabi.dll
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [f89de5dc] rundll32.exe "C:\WINDOWS\System32\zenonabi.dll",b
Description: trojan Vundo component
How to remove: Use HijackThis + Use Malwarebytes Antimalware
Posted in O4, Run, Trojan
Monday, March 30th, 2009
This is a harmful program.
Name: gumapoke
Filename: gumapoke.dll
Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18865f87-42b0-47d6-8fc4-5301aa0f0f80}
Command: C:\WINDOWS\System32\gumapoke.dll
CLSID: {18865f87-42b0-47d6-8fc4-5301aa0f0f80}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:
O2 - BHO: (no name) - {18865f87-42b0-47d6-8fc4-5301aa0f0f80} - C:\WINDOWS\System32\gumapoke.dll
Description: BHO module, trojan Vundo component
How to remove: Use HijackThis + Use Malwarebytes Antimalware
Posted in BHO, O2, Trojan
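The entries in this archive share a handful of persistence mechanisms (Run keys, BHOs, ShellServiceObjectDelayLoad, SharedTaskScheduler, AppInit_DLLs) and a handful of tells (a Vundo DLL called through rundll32 with a one-letter export, a "svchost.exe" outside System32, a COM server under ProgramData). The Python script below is an added example, not code from this site: it parses HijackThis O2/O4/O20/O21/O22 lines, works out which file each entry actually loads, and flags entries that match the CLSIDs and filenames catalogued above or exhibit those generic patterns. The sample log is constructed from the lines quoted in the entries plus two benign lines; the catalogue, the list of core binaries and the heuristics are assumptions for illustration rather than a complete detection rule.

```python
"""Parse HijackThis O2/O4/O20/O21/O22 lines and flag persistence entries.

Added example for this page, not code from the site. The catalogue below is
built from the entries above; the sample log and benign lines are constructed.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# CLSIDs and filenames from the entries above (CLSIDs upper-cased for comparison).
KNOWN_BAD_CLSIDS = {
    "{D14F8945-CF96-4231-9FA7-4BC630D80D85}",  # bwpbwvxxvw.dll, SSODL
    "{92CA440D-C81C-4B72-89D0-D2B464E5678B}",  # ieModule.dll, SSODL
    "{77C96E10-FDA7-4AA7-B318-0631C0D27DBB}",  # ieModule.dll, SSODL
    "{DB248511-529D-4956-A291-1535CEDF9250}",  # awtuUNDT.dll, BHO (Vundo)
    "{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}",  # vitamine.dll, SSODL/STS (Vundo)
    "{18865F87-42B0-47D6-8FC4-5301AA0F0F80}",  # gumapoke.dll, BHO (Vundo)
}
KNOWN_BAD_FILES = {
    "bwpbwvxxvw.dll", "iemodule.dll", "av2009.exe", "awtuundt.dll", "n1i.exe",
    "vitamine.dll", "higudivo.dll", "zenonabi.dll", "gumapoke.dll",
}
# Core Windows binaries: started by the kernel or services.exe, never from a Run key.
CORE_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe", "smss.exe"}

CLSID = r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})"
PATTERNS = {
    "O2": re.compile(r"^O2 - BHO: (?P<name>.*?) - " + CLSID + r" - (?P<path>.+)$"),
    "O4": re.compile(r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\S-[\d-]+)\\\.\.\\Run: "
                     r"\[(?P<value>[^\]]*)\] (?P<cmd>.+?)(?: \(User '[^']*'\))?$"),
    "O20": re.compile(r"^O20 - AppInit_DLLs: (?P<path>.+)$"),
    "O21": re.compile(r"^O21 - SSODL: (?P<name>.*?) - " + CLSID + r" - (?P<path>.+)$"),
    "O22": re.compile(r"^O22 - SharedTaskScheduler: (?P<name>.*?) - " + CLSID + r" - (?P<path>.+)$"),
}
# rundll32 <dll>,<export>: the DLL, not rundll32.exe, is the file that matters.
RUNDLL = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<export>\S+)', re.IGNORECASE)


@dataclass
class Finding:
    category: str
    path: str
    reasons: List[str] = field(default_factory=list)


def image_path(cmd: str) -> Tuple[str, Optional[str]]:
    """Return (file actually loaded, rundll32 export or None) for an O4 command."""
    m = RUNDLL.match(cmd)
    if m:
        return m.group("dll"), m.group("export")
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)], None
    return cmd.split(" ")[0], None


def analyse_line(line: str) -> Optional[Finding]:
    """Parse one HijackThis line; None if it is not an O2/O4/O20/O21/O22 line."""
    line = line.strip()
    for category, rx in PATTERNS.items():
        m = rx.match(line)
        if m:
            break
    else:
        return None
    g = m.groupdict()
    path, export = image_path(g["cmd"]) if category == "O4" else (g["path"], None)
    folder, _, name = path.replace("/", "\\").lower().rpartition("\\")
    reasons = []
    if g.get("clsid") and g["clsid"].upper() in KNOWN_BAD_CLSIDS:
        reasons.append("CLSID catalogued on this page")
    if name in KNOWN_BAD_FILES:
        reasons.append("filename catalogued on this page")
    if name in CORE_BINARIES:
        if category == "O4":
            reasons.append("core Windows binary name started from a Run key")
        if not folder.endswith("\\system32"):
            reasons.append("core Windows binary name outside System32")
    if category == "O20":
        reasons.append("AppInit_DLLs set: DLL injected into every process that loads user32.dll")
    if export is not None and len(export) == 1:
        reasons.append("rundll32 calling a single-letter export (Vundo pattern)")
    if category in ("O21", "O22") and not folder.endswith("\\system32"):
        reasons.append(category + " COM server outside System32")
    return Finding(category, path, reasons)


def analyse_log(text: str) -> List[Finding]:
    """Return the parsed lines that triggered at least one reason."""
    return [f for f in map(analyse_line, text.splitlines()) if f is not None and f.reasons]


# Constructed sample: lines quoted in the entries above plus two benign lines
# (ctfmon and WebCheck; the WebCheck CLSID is illustrative, not looked up).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {DB248511-529D-4956-A291-1535CEDF9250} - C:\Windows\system32\awtuUNDT.dll
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\System32\drivers\svchost.exe
O4 - HKLM\..\Run: [CPMfbaed640] Rundll32.exe "c:\windows\system32\vitamine.dll",a
O20 - AppInit_DLLs: c:\windows\system32\vitamine.dll
O21 - SSODL: InternetConnection - {D14F8945-CF96-4231-9FA7-4BC630D80D85} - C:\ProgramData\Application Data\Microsoft\Internet Explorer\DLLs\bwpbwvxxvw.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\vitamine.dll
O4 - HKUS\S-1-5-19\..\Run: [wawusavasi] Rundll32.exe "C:\WINDOWS\System32\higudivo.dll",s (User 'LOCAL SERVICE')
O4 - HKLM\..\Run: [ctfmon] C:\WINDOWS\system32\ctfmon.exe
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll
"""

if __name__ == "__main__":
    for f in analyse_log(SAMPLE_LOG):
        print(f"{f.category:<4}{f.path}")
        for r in f.reasons:
            print("      -", r)
```

Feed it a saved HijackThis log in place of SAMPLE_LOG. The name and CLSID catalogue only catches the exact samples written up here; Vundo generates a fresh random DLL name and CLSID per infection, so the generic checks (one-letter rundll32 export, AppInit_DLLs populated, COM server or "system" binary outside System32) are what carry over to the next variant, and a hit on any of them is a reason to pull the file for analysis, not proof on its own.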