Archive for the 'Trojan' Category

UACd.sys is a trojan

Sunday, April 26th, 2009

This is a harmful program.

It is a component of malware or spyware; you should remove it immediately using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: UACd
Filename: UACd.sys
Registry key:

HKEY_LOCAL_MACHINE\System\Controlset001\Enum\legacy_UACd.sys

Startup Type: hidden driver
Description: trojan that uses rootkit-specific techniques designed to hide itself.
How to remove: follow the instructions in "How to remove windowsclick.com redirect [UACd.sys trojan]"

gaopdxserv.sys is a trojan, variant of TDSSserv trojan

Sunday, April 26th, 2009

This is a harmful program.

It is a component of malware or spyware; you should remove it immediately using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: gaopdxserv
Filename: gaopdxserv.sys
Registry key:

HKEY_LOCAL_MACHINE\System\Controlset001\Enum\legacy_gaopdxserv.sys

Startup Type: hidden driver
Description: variant of the TDSSserv trojan (uses rootkit-specific techniques designed to hide the software's presence in the system).

How to remove: follow the instructions in "How to remove Google searches redirect/vimax ads [gaopdxserv.sys trojan]"

winsource.dll is a trojan.bho, installed with Total Security

Saturday, April 25th, 2009

This is a harmful program.

It is a component of malware or spyware; you should remove it immediately using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: winsource
Filename: winsource.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D263FA6D-84CC-48A8-9AF6-C664362B7A5B}

Command: C:\WINDOWS\system32\winsource.dll
CLSID: {D263FA6D-84CC-48A8-9AF6-C664362B7A5B}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:

O2 - BHO: &Research - {D263FA6D-84CC-48A8-9AF6-C664362B7A5B} - C:\WINDOWS\system32\winsource.dll

Description: trojan.bho, installed with Total Security

How to remove: follow the instructions in "How to remove Total Security (Uninstall instructions)"

se.exe is a trojan, component of Antivirus Plus

Tuesday, April 21st, 2009

This is a harmful program.

It is a component of malware or spyware; you should remove it immediately using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: se
Filename: se.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | se

Command: C:\WINDOWS\system\se.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [se] C:\WINDOWS\system\se.exe

Description: se.exe is a trojan that is installed with Antivirus Plus

How to remove: follow the instructions in "How to remove Antivirus Plus (Uninstall instructions)"

rundll32.exe is a trojan, component of Antivirus Plus

Tuesday, April 21st, 2009

This is a harmful program.

It is a component of malware or spyware; you should remove it immediately using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: rundll32
Filename: rundll32.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | shell

Command: C:\WINDOWS\system\rundll32.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [shell] C:\WINDOWS\system\rundll32.exe 1

Description: trojan that is installed with Antivirus Plus (rogue antispyware)

How to remove: follow the instructions in "How to remove Antivirus Plus (Uninstall instructions)"

InternetExplorer.dll is a trojan bho

Tuesday, April 21st, 2009

This is a harmful program.

It is a component of malware or spyware; you should remove it immediately using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: InternetExplorer
Filename: InternetExplorer.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D032570A-5F63-4812-A094-87D007C23012}

Command: C:\WINDOWS\system32\InternetExplorer.dll
CLSID: {D032570A-5F63-4812-A094-87D007C23012}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:

O2 - BHO: (no name) - {D032570A-5F63-4812-A094-87D007C23012} - C:\WINDOWS\system32\InternetExplorer.dll

Description: trojan BHO that is installed with Antivirus Plus (rogue antispyware program)

How to remove: follow the instructions in "How to remove Antivirus Plus (Uninstall instructions)"

“DisableRegistryTools”=1, result of trojan activity

Monday, April 13th, 2009

This is a signature of trojan activity.

It is a component of malware or spyware; you should remove it immediately using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name of trojan activity: DisableRegistryTools
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=1

Description: result of trojan activity

How to remove: Use Malwarebytes Antimalware

dbclent.dll is Trojan.Win32.Agent2.him

Monday, April 13th, 2009

This is a harmful program.

It is a component of malware or spyware; you should remove it immediately using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: dbclent
Filename: dbclent.dll
Registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa | notification packages

Command: C:\WINDOWS\dbclent.dll
Startup Type: LSA->notification packages
Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
dbclent.dll

Description: Trojan.Win32.Agent2.him

How to remove: use Kaspersky virus removal tool

bwpbwvxxvw.dll is a trojan, component of rogue antispyware

Tuesday, March 31st, 2009

This is a harmful program.

It is a component of malware or spyware; you should remove it immediately using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: bwpbwvxxvw
Filename: bwpbwvxxvw.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | InternetConnection

Command: C:\ProgramData\Application Data\Microsoft\Internet Explorer\DLLs\bwpbwvxxvw.dll
CLSID: {D14F8945-CF96-4231-9FA7-4BC630D80D85}
Startup Type: ShellServiceObjectDelayLoad
HijackThis Category: O21
HijackThis Line:

O21 - SSODL: InternetConnection - {D14F8945-CF96-4231-9FA7-4BC630D80D85} - C:\ProgramData\Application Data\Microsoft\Internet Explorer\DLLs\bwpbwvxxvw.dll

Description: trojan, component of rogue antispyware

How to remove: Use HijackThis + Use Malwarebytes Antimalware

ieModule.dll is a trojan, component of rogue antispyware

Tuesday, March 31st, 2009

This is a harmful program.

It is a component of malware or spyware; you should remove it immediately using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: ieModule
Filename: ieModule.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | ieModule

Command: C:\ProgramData\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll
CLSID:

{92CA440D-C81C-4B72-89D0-D2B464E5678B}
{77C96E10-FDA7-4AA7-B318-0631C0D27DBB}

Startup Type: ShellServiceObjectDelayLoad
HijackThis Category: O21
HijackThis Line:

O21 - SSODL: ieModule - {92CA440D-C81C-4B72-89D0-D2B464E5678B} - C:\ProgramData\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll

Description: trojan, component of a few rogue antispyware programs

How to remove: Use HijackThis + Use Malwarebytes Antimalware