Archive for February, 2010

What is AvBho.dll, How to remove AvBho.dll

Thursday, February 11th, 2010

AvBho.dll is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: AvBho
Filename: AvBho.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9d541c6a-573b-4888-b35e-6816e68c3620}

Command: C:\Program Files\Antivirus\AvBho.dll
CLSID: {9d541c6a-573b-4888-b35e-6816e68c3620}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:

O2 - BHO: BhoApp - {9d541c6a-573b-4888-b35e-6816e68c3620} - C:\Program Files\Antivirus\AvBho.dll

DDS Line:

BHO: BhoApp: {9d541c6a-573b-4888-b35e-6816e68c3620} - C:\Program Files\Antivirus\AvBho.dll

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9d541c6a-573b-4888-b35e-6816e68c3620}]
BhoApp - C:\Program Files\Antivirus\AvBho.dll

Description: malicious BHO module, component of Antivirus. Antivirus is a rogue antispyware program.

How to remove: use these Antivirus removal instructions.

What is freddy100.exe, How to remove freddy100.exe

Wednesday, February 10th, 2010

freddy100.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: freddy100
Filename: freddy100.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | sysfbtray

Command: C:\windows\freddy100.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [sysfbtray] C:\windows\freddy100.exe

DDS Line:

mRun: [sysfbtray] C:\windows\freddy100.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"sysfbtray"=C:\windows\freddy100.exe

Description: component of the Koobface worm

How to remove: use these Koobface removal instructions.

Security Antivirus – SA[random].exe

Wednesday, February 10th, 2010

SA[random].exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: SA[random]
Filename: SA[random].exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Security Antivirus

Command: C:\Documents and Settings\All Users\Application Data\[random]\SA[random].exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [Security Antivirus] "C:\Documents and Settings\All Users\Application Data\27a1f\SAc9a.exe" /s /d

DDS Line:

uRun: [Security Antivirus] C:\Documents and Settings\All Users\Application Data\27a1f\SAc9a.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Security Antivirus"=C:\Documents and Settings\All Users\Application Data\27a1f\SAc9a.exe

Description: core component of Security Antivirus. Security Antivirus is a rogue antispyware program.

How to remove: use the Security Antivirus removal instructions.

What is ddexpshare.exe, How to remove ddexpshare.exe

Tuesday, February 9th, 2010

ddexpshare.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: ddexpshare
Filename: ddexpshare.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | ddexpshare.exe

Command: %UserProfile%\LOCALS~1\Temp\ddexpshare.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [ddexpshare.exe] C:\DOCUME~1\user\LOCALS~1\Temp\ddexpshare.exe

DDS Line:

uRun: [ddexpshare.exe] C:\DOCUME~1\user\LOCALS~1\Temp\ddexpshare.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ddexpshare.exe"=C:\DOCUME~1\user\LOCALS~1\Temp\ddexpshare.exe [2010-02-09 786432]

Description: Trojan FakeAlert that is used to promote Paladin Antivirus. Paladin Antivirus is a rogue antispyware program.

How to remove: use these Paladin Antivirus removal instructions.

What is SecurePcAv.exe, How to remove SecurePcAv.exe

Tuesday, February 9th, 2010

SecurePcAv.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: SecurePcAv
Filename: SecurePcAv.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | SecurePcAv

Command: C:\Program Files\SecurePcAv Software\SecurePcAv\SecurePcAv.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [SecurePcAv] C:\Program Files\SecurePcAv Software\SecurePcAv\SecurePcAv.exe -min

DDS Line:

uRun: [SecurePcAv] C:\Program Files\SecurePcAv Software\SecurePcAv\SecurePcAv.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurePcAv"=C:\Program Files\SecurePcAv Software\SecurePcAv\SecurePcAv.exe

Description: core component of SecurePcAv. SecurePcAv is a rogue antispyware program.

How to remove: use these SecurePcAv removal instructions.

What is advanceddefender.exe, How to remove advanceddefender.exe

Tuesday, February 9th, 2010

advanceddefender.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: advanceddefender
Filename: advanceddefender.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | advanceddefender

Command: C:\Program Files\Advanced Defender\advanceddefender.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [advanceddefender] C:\Program Files\Advanced Defender\advanceddefender.exe

DDS Line:

mRun: [advanceddefender] C:\Program Files\Advanced Defender\advanceddefender.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"advanceddefender"=C:\Program Files\Advanced Defender\advanceddefender.exe

Description: core component of Advanced Defender. Advanced Defender is a rogue antispyware program.

How to remove: use these Advanced Defender removal instructions.

What is pav.exe, How to remove pav.exe

Monday, February 8th, 2010

pav.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: pav
Filename: pav.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Paladin Antivirus

Command: C:\Program Files\Paladin Antivirus\pav.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [Paladin Antivirus] "C:\Program Files\Paladin Antivirus\pav.exe" -noscan

DDS Line:

uRun: [Paladin Antivirus] "C:\Program Files\Paladin Antivirus\pav.exe" -noscan

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Paladin Antivirus"=C:\Program Files\Paladin Antivirus\pav.exe

Description: core component of Paladin Antivirus. Paladin Antivirus is a rogue antispyware program.

How to remove: use these Paladin Antivirus removal instructions.

What is freddy84.exe, How to remove freddy84.exe

Sunday, February 7th, 2010

freddy84.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: freddy84
Filename: freddy84.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | sysfbtray

Command: C:\windows\freddy84.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [sysfbtray] C:\windows\freddy84.exe

DDS Line:

mRun: [sysfbtray] C:\windows\freddy84.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"sysfbtray"=C:\windows\freddy84.exe

Description: part of the Koobface worm

How to remove: use these Koobface removal instructions.

What is Livesoftrock.microsoft.com, How to remove Livesoftrock.microsoft.com

Sunday, February 7th, 2010

Livesoftrock.microsoft.com is a malicious website.

The site was created to spread Antivirus Soft. If your browser is redirected to Livesoftrock.microsoft.com, then you should immediately check your PC using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Site address: Livesoftrock.microsoft.com
Description: Livesoftrock.microsoft.com is not related to Microsoft and can only be seen on infected computers. The site is used to promote the rogue antispyware program called Antivirus Soft. Antivirus Soft is a rogue antispyware program.

How to remove: use these Antivirus Soft removal instructions in order to remove this infection.

What is netuza32.exe, How to remove netuza32.exe

Sunday, February 7th, 2010

netuza32.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: netuza32
Filename: netuza32.exe
Command: %UserProfile%\start menu\programs\startup\netuza32.exe
Startup Type: Startup Folder
HijackThis Category: O4
HijackThis Line:

O4 - Startup: netuza32.exe

DDS Line:

StartupFolder: c:\documents and settings\user\start menu\programs\startup\netuza32.exe

Combofix/RSIT Line:

C:\Documents and Settings\user\Start Menu\Programs\Startup
netuza32.exe

Description: trojan

How to remove: use HijackThis + Kaspersky virus removal tool