HT Logs. Tips, FAQs, Analyze.

Win Scanner is a harmful program.

It is a malicious program, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Win Scanner associated files and folders:

%Temp%\{RANDOM}.exe
%Temp%\{RANDOM}
%Temp%\{RANDOM}.dat
%UserProfile%\Desktop\Win Scanner.lnk
%UserProfile%\Start Menu\Programs\Win Scanner
%UserProfile%\Start Menu\Programs\Win Scanner\Win Scanner.lnk
%UserProfile%\Start Menu\Programs\Win Scanner\Win Scanner.lnk

Win Scanner associated registry keys and values:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | {RANDOM}

Core filename: {RANDOM}.exe
Command: %Temp%\{RANDOM}.exe
HijackThis shows Win Scanner:

O4 – HKCU\..\Run: [{RANDOM}] %Temp%\{RANDOM}.exe

Description: Win Scanner is a fake hard disk drive defragmenter software.Once installed, it will display false information and fake critical alerts on the computer. Moreover, it will perform a fake scan and state that the system has some serious problems, such critical errors in Windows registry, hard drive is missing or unreadable. Win Scanner will also blocks all the legitimate and trustful applications used on your PC. In order to repair the entire system, the program will suggest you to purchase its full version. Do not be scared into purchasing the bogus software! You should remove Win Scanner virus from your computer as soon as possible.

How to remove: use the Win Scanner virus removal guide.

Defragmenter is a harmful program.

It is a malicious program, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Defragmenter associated files and folders:

%Temp%\{RANDOM}.exe
%Temp%\{RANDOM}
%Temp%\{RANDOM}.dat
%UserProfile%\Desktop\Defragmenter.lnk
%UserProfile%\Start Menu\Programs\Defragmenter
%UserProfile%\Start Menu\Programs\Defragmenter\Defragmenter.lnk
%UserProfile%\Start Menu\Programs\Defragmenter\Defragmenter.lnk

Defragmenter associated registry keys and values:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | {RANDOM}

Core filename: {RANDOM}.exe
Command: %Temp%\{RANDOM}.exe
HijackThis shows HDD Tools:

O4 – HKCU\..\Run: [{RANDOM}] %Temp%\{RANDOM}.exe

Description: Defragmenter is a fake hard disk drive defragmenter software.Once installed, it will display false information and fake critical alerts on the computer. Moreover, it will perform a fake scan and state that the system has some serious problems, such critical errors in Windows registry, hard drive is missing or unreadable. Defragmenter will also blocks all the legitimate and trustful applications used on your PC. In order to repair the entire system, the program will suggest you to purchase its full version. Do not be scared into purchasing the bogus software! You should remove Defragmenter virus from your computer as soon as possible.

How to remove: use the Defragmenter virus removal guide.

HDD Tools is a harmful program.

It is a malicious program, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

HDD Tools associated files and folders:

%Temp%\{RANDOM}.exe
%Temp%\{RANDOM}
%Temp%\{RANDOM}.dat
%UserProfile%\Desktop\HDD Tools.lnk
%UserProfile%\Start Menu\Programs\HDD Tools
%UserProfile%\Start Menu\Programs\HDD Tools\HDD Tools.lnk
%UserProfile%\Start Menu\Programs\HDD Tools\HDD Tools.lnk

HDD Tools associated registry keys and values:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | {RANDOM}

Core filename: {RANDOM}.exe
Command: %Temp%\{RANDOM}.exe
HijackThis shows HDD Tools:

O4 – HKCU\..\Run: [{RANDOM}] %Temp%\{RANDOM}.exe

Description: HDD Tools is a fake computer optimization software that display false information and fake critical alerts on the computer. Moreover, it will perform a fake scan and state that the system has some serious problems, such critical errors in Windows registry, hard drive is missing or unreadable. HDDTools will also blocks all the legitimate and trustful applications used on your PC. In order to repair the entire system, the program will suggest you to purchase its full version. Do not be scared into purchasing the bogus software! You should remove HDD Tools from your computer as soon as possible.

How to remove: use the HDD Tools removal.

Smart HDD is a harmful program.

It is a malicious program, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Smart HDD associated files and folders:

%Temp%\{RANDOM}.exe
%Temp%\{RANDOM}
%Temp%\{RANDOM}.dat
%UserProfile%\Desktop\Smart HDD.lnk
%UserProfile%\Start Menu\Programs\Smart HDD
%UserProfile%\Start Menu\Programs\Smart HDD\Smart HDD.lnk
%UserProfile%\Start Menu\Programs\Smart HDD\Smart HDD.lnk

Smart HDD associated registry keys and values:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | {RANDOM}

Core filename: {RANDOM}.exe
Command: %Temp%\{RANDOM}.exe
HijackThis shows Smart HDD:

O4 – HKCU\..\Run: [{RANDOM}] %Temp%\{RANDOM}.exe

Description: Smart HDD is a malware that pretends to be a computer optimization software. The rogue is installed via trojans without user knowledge and permission. Once started, it will report false information and display fake alerts on the computer. The rogue will perform a fake scan and state that your computer has some serious problems such critical errors in Windows registry, hard drive is missing or unreadable. Moreover, SmartHDD will blocks all the legitimate and trustful applications used on your PC. In order to repair the entire system, the program will suggest you to purchase its full version. Most important, do not pay for the fake software! Instead, follow the removal guide below to remove Smart HDD from your computer for free using legitimate free antimalware software.

How to remove: use the Smart HDD removal instructions or the steps below.

1. Reboot your computer in Safe mode with networking.

2. Download OTM by OldTimer from here and save to your desktop. Run OTM, copy,then paste the following text in “Paste Instructions for Items to be Moved” window (under the yellow bar):

:Commands
[emptytemp]
[Reboot]

Click the red Moveit! button. If you are asked to reboot the machine choose Yes. When the tool is finished, it will produce a report for you.

3. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

HDD Rescue is a harmful program.

It is a malicious program, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

HDD Rescue associated files and folders:

%Temp%\{RANDOM}.exe
%Temp%\{RANDOM}
%Temp%\{RANDOM}.dat
%UserProfile%\Desktop\HDD Rescue.lnk
%UserProfile%\Start Menu\Programs\HDD Rescue
%UserProfile%\Start Menu\Programs\HDD Rescue\HDD Rescue.lnk
%UserProfile%\Start Menu\Programs\HDD Rescue\HDD Rescue.lnk

HDD Rescue associated registry keys and values:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | {RANDOM}

Core filename: {RANDOM}.exe
Command: %Temp%\{RANDOM}.exe
HijackThis shows HDD Rescue:

O4 – HKCU\..\Run: [{RANDOM}] %Temp%\{RANDOM}.exe

Description: HDD Rescue is a fake computer optimization software that installed through the use of trojans without user knowledge and permission. When is started, it will report false information and display fake alerts on the computer. The rogue will perform a fake scan and state that your computer has some serious problems such critical errors in Windows registry, hard drive is missing or unreadable. Moreover, HDDRescue will blocks all the legitimate and trustful applications used on your PC. In order to repair the entire system, the program will suggest you to purchase its full version. Most important, do not pay for the fake software! Instead, follow the removal guide below to remove HDD Rescue from your computer for free using legitimate free antimalware software.

How to remove: use the HDD Rescue removal instructions or the steps below.

1. Reboot your computer in Safe mode with networking.

2. Download OTM by OldTimer from here and save to your desktop. Run OTM, copy,then paste the following text in “Paste Instructions for Items to be Moved” window (under the yellow bar):

:Commands
[emptytemp]
[Reboot]

Click the red Moveit! button. If you are asked to reboot the machine choose Yes. When the tool is finished, it will produce a report for you.

3. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: andy145
Filename: andy145.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | xuri49tkd

Command: C:\windows\andy145.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [xuri49tkd] C:\windows\andy145.exe

DDS Line:

mRun: [xuri49tkd] C:\windows\andy145.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“xuri49tkd”=C:\windows\andy145.exe

Description: malware

How to remove: use HijackThis + Kaspersky virus removal tool

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: cryptnet32
Filename: cryptnet32.dll
Registry key:

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet32

Command: C:\WINDOWS\SYSTEM32\cryptnet32.dll
Startup Type: Winlogon->Notify
HijackThis Category: O20
HijackThis Line:

O20 – Winlogon Notify: cryptnet32 – C:\WINDOWS\SYSTEM32\cryptnet32.dll

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet32]
2010-12-08 17:31 48128 —-a-w- C:\WINDOWS\SYSTEM32\cryptnet32.dll

Description: Trojan:Win32/Lukicsel.H [Microsoft]

How to remove: use HijackThis + SUPERAntiSpyware

Internet Antivirus 2011 is a harmful program.

It is a fake security program, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Internet Antivirus 2011 associated files and folders:

C:\Documents and Settings\All Users\Application Data\da1933\IA220_121.exe
%UserProfile%\Application Data\Internet Antivirus 2011
%UserProfile%\Application Data\Internet Antivirus 2011\cookies.sqlite
%UserProfile%\Desktop\Internet Antivirus 2011.lnk
%UserProfile%\Start Menu\Internet Antivirus 2011.lnk
%UserProfile%\Application Data\Internet Antivirus 2011\Instructions.ini
%UserProfile%\Start Menu\Programs\Internet Antivirus 2011.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Antivirus 2011.lnk

Internet Antivirus 2011 associated registry keys and values:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | Internet Antivirus 2011

Core filename: IA220_121.exe
Command: C:\Documents and Settings\All Users\Application Data\da1933\IA220_121.exe
HijackThis shows Internet Antivirus 2011:

O4 – HKCU\..\Run: [Smart Engine] “C:\Documents and Settings\All Users\Application Data\da2933\IA220_121.exe” /s /d

Description: rogue antispyware program

How to remove: use the Internet Antivirus 2011 removal guide or the steps below.

1. Reboot your computer in Safe mode with networking.

2. Reset proxy settings of your browser (this malware hijacked them) by doing: run Internet Explorer, Click Tools -> Internet Options. Select Connections Tab and click to Lan Settings button. Uncheck “Use a proxy server” box. Click OK and click OK again.

3. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

4. Download OTM by OldTimer from here and save to your desktop.
Run OTM, copy,then paste the following text in “Paste Instructions for Items to be Moved” window (under the yellow bar):

:Commands
[emptytemp]
[resethosts]

Click the red Moveit! button. Close OTM.

HDD Plus is a harmful program.

It is a malicious program, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

HDD Plus associated files and folders:

%Temp%\{RANDOM}.exe
%Temp%\{RANDOM}
%Temp%\{RANDOM}.dat
%UserProfile%\Desktop\HDD Plus.lnk
%UserProfile%\Start Menu\Programs\HDD Plus
%UserProfile%\Start Menu\Programs\HDD Plus\HDD Plus.lnk
%UserProfile%\Start Menu\Programs\HDD Plus\HDD Plus.lnk

HDD Plus associated registry keys and values:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | {RANDOM}

Core filename: {RANDOM}.exe
Command: %Temp%\{RANDOM}.exe
HijackThis shows HDD Plus:

O4 – HKCU\..\Run: [{RANDOM}] %Temp%\{RANDOM}.exe

Description: HDD Plus is a fake computer optimization software that installed through the use of trojans without user knowledge and permission. When is started, it will report false information and display fake alerts on the computer. The rogue will perform a fake scan and state that your computer has some serious problems such critical errors in Windows registry, hard drive is missing or unreadable. Moreover, HDDPlus will blocks all the legitimate and trustful applications used on your PC. In order to repair the entire system, the program will suggest you to purchase its full version. Most important, do not purchase this fake program! If your computer is infected with this malware then follow the removal guide below to remove HDD Plus from your computer for free using legitimate free antimalware software.

How to remove: use the HDD Plus removal instructions or the steps below.

1. Reboot your computer in Safe mode with networking.

2. Download OTM by OldTimer from here and save to your desktop. Run OTM, copy,then paste the following text in “Paste Instructions for Items to be Moved” window (under the yellow bar):

:Commands
[emptytemp]
[Reboot]

Click the red Moveit! button. If you are asked to reboot the machine choose Yes. When the tool is finished, it will produce a report for you.

3. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

Hard Drive Diagnostic is a harmful program.

It is a malicious program, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Hard Drive Diagnostic associated files and folders:

%Temp%\{RANDOM}.exe
%Temp%\{RANDOM}
%Temp%\{RANDOM}.dat
%UserProfile%\Desktop\Hard Drive Diagnostic.lnk
%UserProfile%\Start Menu\Programs\Hard Drive Diagnostic
%UserProfile%\Start Menu\Programs\Hard Drive Diagnostic\Hard Drive Diagnostic.lnk
%UserProfile%\Start Menu\Programs\Hard Drive Diagnostic\Uninstall Hard Drive Diagnostic.lnk

Hard Drive Diagnostic associated registry keys and values:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | {RANDOM}

Core filename: {RANDOM}.exe
Command: %Temp%\{RANDOM}.exe
HijackThis shows Hard Drive Diagnostic:

O4 – HKCU\..\Run: [{RANDOM}] %Temp%\{RANDOM}.exe

Description: Hard Drive Diagnostic is a fake computer optimization software that installed via trojans without user knowledge and permission. When is started, it will report false information and display fake alerts on the computer. The rogue will perform a fake scan and state that your computer has some serious problems such critical errors in Windows registry, hard drive is missing or unreadable. Moreover, HardDrive Diagnostic will blocks all the legitimate and trustful applications used on your PC. In order to repair the entire system, the program will suggest you to purchase its full version. Most important, do not purchase this fake program! If your computer is infected with this malware then follow the removal guide below to remove Hard Drive Diagnostic from your computer for free using legitimate free antimalware software.

How to remove: use the Hard Drive Diagnostic removal instructions or the steps below.

1. Reboot your computer in Safe mode with networking.

2. Download OTM by OldTimer from here and save to your desktop. Run OTM, copy,then paste the following text in “Paste Instructions for Items to be Moved” window (under the yellow bar):

:Commands
[emptytemp]
[Reboot]

Click the red Moveit! button. If you are asked to reboot the machine choose Yes. When the tool is finished, it will produce a report for you.

3. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).