HT Logs. Tips, FAQs, Analyze.

_VOIDd.sys is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: _VOID[random]
Filename: _VOID[random].sys
Registry key:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\_VOIDd.sys

Command: %WinDir%\system32\drivers\_VOID[random].sys
Startup Type: Hidden driver
RootRepeal log line:

Service Name: _VOIDd.sys
Image Path: C:\WINDOWS\system32\drivers\_VOIDaabmetnqbf.sys

Description: variant of TDSS trojan

How to remove: use the TDSS trojan removal instructions.

ndisdrv.sys is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: ndisdrv
Filename: ndisdrv.sys
Registry key:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NDISDRV
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ndisdrv
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NDISDRV
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ndisdrv

Command: c:\windows\system32\ndisdrv.sys
Startup Type: Driver
DDS/Combofix/RSIT Line:

S3 ndisdrv;ndisdrv;\??\c:\windows\system32\ndisdrv.sys –> c:\windows\system32\ndisdrv.sys [?]

Description: trojan-rootkit also known as Mal/Rootkit-Q [Sophos]

How to remove:

Download OTM by OldTimer from here
Run OTM.
Copy, then paste the following text in “Paste Instructions for Items to be Moved” window (under the yellow bar):

:services
ndisdrv

:files
c:\windows\system32\ndisdrv.sys

:Commands
[emptytemp]
[Reboot]

Click the red Moveit! button. When the tool is finished, it will produce a report for you.
Download and run Malwarebytes` Anti-malware

H8SRT.sys is a harmful driver.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Driver name: H8SRT.sys
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\H8SRTd.sys

Command: C:\WINDOWS\system32\drivers\H8SRT[random].sys
Startup Type: Driver
Description: trojan-rootkit also known as Rootkit.TDSS.

How to remove: use these H8SRT trojan removal instructions.

tdidis32.sys is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: tdidis32
Filename: tdidis32.sys
Command: C:\WINDOWS\system32\tdidis32.sys
Startup Type: driver
Combofix/RSIT Line:

S1 tdidis32.sys;tdidis32.sys; \??\C:\WINDOWS\system32\tdidis32.sys []

Description: trojan agent also known as Rootkit.Win32.Pakes

How to remove: use SUPERAntiSpyware

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: fio32
Filename: fio32.sys
Command: C:\Windows\system32\drivers\fio32.sys
Startup Type: Driver
Combofix/RSIT Line:

R1 fio32;fio32; \??\C:\Windows\system32\drivers\fio32.sys [2009-09-23 37632]

Description: trojan that installed by worm koobface

How to remove: use Malwarebytes` Anti-malware

NDISRD.sys is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: NDISRD
Filename: NDISRD.sys
Registry key:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NDISRD

Command: C:\WINDOWS\system32\drivers\NDISRD.sys
Startup Type: Driver
Combofix/RSIT Line:

S1 NDISRD;NDISRD; C:\WINDOWS\system32\drivers\NDISRD.sys [2009-06-22 24576

Description: trojan also known as TrojanDownloader, it installed with Alpha Antivirus rogue antispyware program

How to remove: use these Alpha Antivirus removal instructions

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: dwshd
Filename: dwshd.sys
Command: C:\WINDOWS\System32\drivers\dwshd.sys
Startup Type: Driver
Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dwshd.sys]
S4 dwshd;dwshd; C:\WINDOWS\System32\drivers\dwshd.sys []

Description: trojan also known as trojan.Win32Agent.

How to remove: use Kaspersky virus removal tool

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: DnsFilter
Filename: DnsFilter.sys
Command: c:\windows\system32\drivers\DnsFilter.sys
Startup Type: driver, svchost
Combofix/RSIT Line:

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
“8085:TCP”= 8085:TCP:ddnsfilter
R2 ddnsfilter;ddnsfilter;c:\windows\sySTEM32\SvchoSt.ExE -k ddnsfilter [7/16/2003 11:41 AM 14336]
R1 DnsFilter;DnsFilter;c:\windows\system32\drivers\DnsFilter.sys [8/23/2009 8:43 AM 38016]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
ddnsfilter REG_MULTI_SZ ddnsfilter

Description: trojan also known as Trojan.DNSChanger, Trojan.Dropper [Symantec], Trojan.Win32.Agent.cupu, [Kaspersky Lab], Trojan-Dropper [Ikarus]

How to remove: use Malwarebytes Anti-malware + use Kaspersky virus removal tool.

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: ESQULserv
Filename: uses random filenames, examples below

c:\windows\system32\drivers\ESQULpjyrxmafdndomsrumnadwoyxcbowcdul.sys
c:\windows\system32\drivers\ESQULvvmlotmovroyobfrbmltkmtttklyrqje.sys
c:\windows\system32\ESQULdfowmsoetvgoovmoowvkctgpjykiyoaq.dll
c:\windows\system32\ESQULjgxtjwkxefqrntwuekdqcwtuospqgmas.dll

Command: c:\windows\system32\drivers\ESQULfqjdadpxylqppquwnvxjkomleltuiihj.sys
Startup Type: hidden driver
Description: variant of trojan DNSChanger

How to remove: use these trojan DNSChanger removal instructions.

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: sfc
Filename: sfc.sys
Registry key:

KEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SFC

Command: C:\WINDOWS\system32\drivers\sfc.sys
Startup Type: Driver
Combofix/RSIT Line:

S4 sfc;sfc; C:\WINDOWS\system32\drivers\sfc.sys

Description: trojan Win32.Agent

How to remove: try Malwarebytes` Anti-malware or ask for help at Spyware removal forum.