HT Logs. Tips, FAQs, Analyze.

Antispyware.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: Antispyware.exe
Filename: Antispyware.exe
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Userinit

Command: C:\Program Files\Def Group\PC Defender\Antispyware.exe
Startup Type: Winlogon\UserInit
HijackThis Category: F2
HijackThis Line:

F2 – REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,”C:\Program Files\Def Group\PC Defender\Antispyware.exe”

Description: core component of PC Defender. PC Defender is a rogue antispyware program.

How to remove: use these PC Defender removal instructions.

ccmain.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: ccmain
Filename: ccmain.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell

Command: %UserProfile%\Application Data\Control-Center\ccagent.exe
Startup Type: Winlogon\Shell
HijackThis Category: F2
HijackThis Line:

F2 – REG:system.ini: %UserProfile%\Application Data\Control-Center\ccagent.exe

Description: core component of Control Center. Control Center isa fake Windows optimization program.

How to remove: use these Control Center removal instructions.

sdra64.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: sdra64
Filename: sdra64.exe
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Userinit

Command: C:\WINDOWS\system32\sdra64.exe
Startup Type: Winlogon\UserInit
HijackThis Category: F2
HijackThis Line:

F2 – REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,

Description: core component of trojan ZBot also known as Trojan-Spy.Win32.Zbot.gen [Kaspersky Lab], PWS:Win32/Zbot.gen!R [Microsoft], Mal/Zbot-O [Sophos], Infostealer.Banker.C [Symantec]

How to remove: use HijackThis + Malwarebytes` Anti-malware

winlogon32.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: winlogon32
Filename: winlogon32.exe
Registry key|value:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Userinit = “C:\WINDOWS\system32\winlogon32.exe”

Command: C:\WINDOWS\system32\winlogon32.exe
Startup Type: WinLogon->UserInit
HijackThis Category: F2
HijackThis Line:

F2 – REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe

Description: component of trojan FakeAlert

How to remove: use these winlogon32.exe removal instructions.

winlogon86.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: winlogon86
Filename: winlogon86.exe
Command: C:\WINDOWS\system32\winlogon86.exe
Startup Type: System.ini
HijackThis Category: F2
HijackThis Line:

F2 – REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon86.exe

Description: trojan that installed with rogue antispyware program.

How to remove: use HijackThis + Malwarebytes` Anti-malware

logon.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: logon
Filename: logon.exe
Startup Type: system.ini
HijackThis Category: F2
HijackThis Line:

F2 – REG:system.ini: Shell=Explorer.exe logon.exe

Description: trojan that installed with a rogue antispyware program

How to remove: use HijackThis + Malwarebytes` Anti-malware

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: vshost32
Filename: vshost32.exe
Command: C:\DOCUME~1\8E4B~1\LOCALS~1\Temp\vshost32.exe
Startup Type: system.ini
HijackThis Category: F2
HijackThis Line:

F2 – REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\8E4B~1\LOCALS~1\Temp\vshost32.exe,

How to remove: use HijackThis + use Malwarebytes` Anti-malware

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: twext
Filename: twext.exe
Command: C:\WINDOWS\system32\twext.exe
Startup Type: system.ini
HijackThis Category: F2
HijackThis Line:

F2 – REG:system.ini: UserInit=c:\windows\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,

Description: trojan Infostealer.Banker, also known as Zbot, PWS-Zbot.gen.c, Mal/EncPk-CZ

How to remove: Malwarebytes Antimalware

This is an harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: regsvr
Filename: regsvr.exe
Startup Type: system.ini
HijackThis Category: F2
HijackThis Line:

F2 – REG:system.ini: Shell=Explorer.exe regsvr.exe

Description: regsvr.exe is a trojan

How to remove: Use HijackThis + Use Malwarebytes Antimalware