HT Logs. Tips, FAQs, Analyze.

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: fioo32
Startup Type: SvcHost
Combofix/RSIT Line:

R2 fioo32;fioo32; C:\Windows\sYSteM32\SvchOst.eXE [2008-01-19 21504]

Description: trojan dropper that installed by worm koobface

How to remove: use Malwarebytes` Anti-malware

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: ld14
Filename: ld14.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | sysldtray

Command: C:\Windows\ld14.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [sysldtray] C:\Windows\ld14.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“sysldtray”=C:\Windows\ld14.exe [2009-09-23 61440]

Description: component of worm koobface, that takes over computers by spreading through the social networks

How to remove: use Malwarebytes` Anti-malware

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: pp12
Filename: pp12.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | pp

Command: C:\Windows\pp12.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [pp] C:\Windows\pp12.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“pp”=C:\Windows\pp12.exe [2009-09-23 49152]

Description: component of worm koobface

How to remove: use Malwarebytes` Anti-malware

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: freddy66
Filename: freddy66.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | sysfbtray

Command: c:\windows\freddy66.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [sysfbtray] c:\windows\freddy66.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“sysfbtray”=c:\windows\freddy66.exe [2009-09-25 77824]

Description: part of worm Koobface that takes over computers by spreading through the social networks

How to remove: use Malwarebytes` Anti-malware

SecureVeteran.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: SecureVeteran
Filename: SecureVeteran.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | SecureVeteran

Command: C:\Program Files\SecureVeteran Software\SecureVeteran\SecureVeteran.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [SecuritySoldier] C:\Program Files\SecureVeteran Software\SecureVeteran\SecureVeteran.exe -min

Description: main file of SecureVeteran rogue antispyware program

How to remove: use these SecureVeteran removal instructions

iehelpmod.dll is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: iehelpmod
Filename: iehelpmod.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}

Command: C:\WINDOWS\system32\iehelpmod.dll
CLSID: {35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:

O2 – BHO: &IE Help – {35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC} – C:\WINDOWS\system32\iehelpmod.dll

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}]
&IE Help – C:\WINDOWS\system32\iehelpmod.dll [2009-09-29 336896]

Description: trojan fakeAlert that installed by Total Security rogue antispyware program

How to remove: use these Total Security removal instructions

NDISRD.sys is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: NDISRD
Filename: NDISRD.sys
Registry key:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NDISRD

Command: C:\WINDOWS\system32\drivers\NDISRD.sys
Startup Type: Driver
Combofix/RSIT Line:

S1 NDISRD;NDISRD; C:\WINDOWS\system32\drivers\NDISRD.sys [2009-06-22 24576

Description: trojan also known as TrojanDownloader, it installed with Alpha Antivirus rogue antispyware program

How to remove: use these Alpha Antivirus removal instructions

msnaoladdon.dll is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: msnaoladdon
Filename: msnaoladdon.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A77D3539-581D-450C-9E44-A84C415A6172}

Command: C:\WINDOWS\system32\msnaoladdon.dll
CLSID: {A77D3539-581D-450C-9E44-A84C415A6172}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:

O2 – BHO: (no name) – {A77D3539-581D-450C-9E44-A84C415A6172} – C:\WINDOWS\system32\msnaoladdon.dll

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A77D3539-581D-450C-9E44-A84C415A6172}]
C:\WINDOWS\system32\msnaoladdon.dll [2009-09-26 403968]

Description: trojan that installed by Alpha Antivirus (fake antivirus application)

How to remove: use these Alpha Antivirus removal instructions

NetFilter.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: NetFilter
Filename: NetFilter.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | MSDRV

Command: C:\WINDOWS\system32\NetFilter.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [MSDRV] NetFilter.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“MSDRV”=C:\WINDOWS\system32\NetFilter.exe [2009-09-23 122880]

Description: trojan that installed by Alpha Antivirus rogue antispyware program

How to remove: use these Alpha Antivirus removal instructions

AlphaAV.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: AlphaAV
Filename: AlphaAV.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | AlphaAV

Command: C:\Program Files\AlphaAV\AlphaAV.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [AlphaAV] C:\Program Files\AlphaAV\AlphaAV.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“AlphaAV”=C:\Program Files\AlphaAV\AlphaAV.exe [2009-09-26 1581056]

Description: main file of Alpha Antivirus rogue antispyware program

How to remove: use these Alpha Antivirus removal instructions