What is syre32.exe, How to remove syre32.exe

March 4th, 2010 O4, Run, Trojan

syre32.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: syre32
Filename: syre32.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | syre32

Command: C:\WINDOWS\system32\syre32.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [syre32] C:\WINDOWS\system32\syre32.exe

DDS Line:

mRun: [syre32] C:\WINDOWS\system32\syre32.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"syre32"=C:\WINDOWS\system32\syre32.exe

Description: trojan

How to remove: use HijackThis + Kaspersky virus removal tool

What is cleansweep.exe, How to remove cleansweep.exe

March 4th, 2010 O4, Run, Trojan

cleansweep.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: cleansweep
Filename: cleansweep.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | cleansweep.exe

Command: C:\cleansweep.exe\cleansweep.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [cleansweep.exe] C:\cleansweep.exe\cleansweep.exe

DDS Line:

uRun: [cleansweep.exe] C:\cleansweep.exe\cleansweep.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"cleansweep.exe"=C:\cleansweep.exe\cleansweep.exe

Description: trojan also known as Trojan.Spyeye [PCTools], Trojan.Spyeye [Symantec], Trojan-Spy.Win32.SpyEyes.h [Kaspersky Lab], BackDoor-Spyeye [McAfee], Mal/Spyeye-A, Mal/Spyeye-A [Sophos], Trojan:Win32/Spyeye.B [Microsoft]

How to remove: use HijackThis + Kaspersky virus removal tool

What is nynw.wmo, How to remove nynw.wmo

March 4th, 2010 F2, Trojan, Winlogon\Shell

nynw.wmo is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: nynw
Filename: nynw.wmo
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell

Command: Explorer.exe rundll32.exe nynw.wmo mynleeq
Startup Type: Winlogon->Shell
HijackThis Category: F2
HijackThis Line:

F2 - REG:system.ini: Shell="Explorer.exe rundll32.exe nynw.wmo mynleeq"

Description: trojan also known as Trojan.Sasfis [PCTools], Trojan.Sasfis [Symantec], Mal/Oficla-A [Sophos], Trojan:Win32/Oficla.M [Microsoft]

How to remove: use HijackThis + Malwarebytes' Anti-Malware

What is _VOIDd.sys, How to remove _VOIDd.sys

March 4th, 2010 Driver, Trojan

_VOIDd.sys is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: _VOID[random]
Filename: _VOID[random].sys
Registry key:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\_VOIDd.sys

Command: %WinDir%\system32\drivers\_VOID[random].sys
Startup Type: Hidden driver
RootRepeal log line:

Service Name: _VOIDd.sys
Image Path: C:\WINDOWS\system32\drivers\_VOIDaabmetnqbf.sys

Description: variant of TDSS trojan

How to remove: use the TDSS trojan removal instructions.

What is avcommand.net, How to remove avcommand.net

March 1st, 2010 Rogue Antispyware/Antivirus

avcommand.net is a malicious website.

The site was created to spread Antivirus Soft. If your browser is redirected to avcommand.net, then you should immediately check your PC using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

IP Address: 79.135.152.5
Site address: avcommand.net
Description: avcommand.net is not related to any legitimate security company and can only be seen on infected computers. The site is used to promote the rogue antispyware program called Antivirus Soft.

How to remove: use these Antivirus Soft removal instructions in order to remove this infection.

What is drguard.exe, How to remove drguard.exe

February 28th, 2010 O4, Rogue Antispyware/Antivirus, Run

drguard.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: drguard
Filename: drguard.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Dr. Guard

Command: C:\Program Files\Dr. Guard\drguard.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [Dr. Guard] "C:\Program Files\Dr. Guard\drguard.exe" -noscan

DDS Line:

uRun: [Dr. Guard] C:\Program Files\Dr. Guard\drguard.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Dr. Guard"=C:\Program Files\Dr. Guard\drguard.exe

Description: core component of Dr. Guard. Dr. Guard is a rogue antispyware program.

How to remove: use these Dr. Guard removal instructions.

What is asr64_ldm.exe, How to remove asr64_ldm.exe

February 28th, 2010 O4, Rogue Antispyware/Antivirus, Run

asr64_ldm.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: asr64_ldm
Filename: asr64_ldm.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | asr64_ldm.exe

Command: %UserProfile%\LOCALS~1\Temp\asr64_ldm.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [asr64_ldm.exe] C:\DOCUME~1\comp\LOCALS~1\Temp\asr64_ldm.exe

DDS Line:

uRun: [asr64_ldm.exe] C:\DOCUME~1\user\LOCALS~1\Temp\asr64_ldm.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"asr64_ldm.exe"=C:\DOCUME~1\user\LOCALS~1\Temp\asr64_ldm.exe

Description: FakeAlert trojan that is installed with Dr. Guard. Dr. Guard is a rogue antispyware program.

How to remove: use these Dr. Guard removal instructions.

What is drwatson64ex.exe, How to remove drwatson64ex.exe

February 25th, 2010 Trojan

drwatson64ex.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: drwatson64ex
Filename: drwatson64ex.exe
Command: %UserProfile%\LOCALS~1\Temp\drwatson64ex.exe
Description: FakeAlert trojan that is installed with Paladin Antivirus. Paladin Antivirus is a rogue antispyware program.

How to remove: use these Paladin Antivirus removal instructions.

What is msdtctr.exe, How to remove msdtctr.exe

February 25th, 2010 O4, Run, Trojan

msdtctr.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: msdtctr
Filename: msdtctr.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | msdtctr.exe

Command: %UserProfile%\LOCALS~1\Temp\msdtctr.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [msdtctr.exe] C:\DOCUME~1\user\LOCALS~1\Temp\msdtctr.exe

DDS Line:

uRun: [msdtctr.exe] C:\DOCUME~1\user\LOCALS~1\Temp\msdtctr.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msdtctr.exe"=C:\DOCUME~1\user\LOCALS~1\Temp\msdtctr.exe

Description: FakeAlert trojan that, once started, downloads and installs Paladin Antivirus. Paladin Antivirus is a rogue antispyware program.

How to remove: use these Paladin Antivirus removal instructions.

What is av-protect.microsoft.com, How to remove av-protect.microsoft.com

February 23rd, 2010 Rogue Antispyware/Antivirus

av-protect.microsoft.com is a malicious website.

The site was created to spread Antivirus Soft. If your browser is redirected to av-protect.microsoft.com, then you should immediately check your PC using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Site address: av-protect.microsoft.com
Description: av-protect.microsoft.com is not related to Microsoft and can only be seen on infected computers. The site is used to promote the rogue antispyware program called Antivirus Soft.

How to remove: use these Antivirus Soft removal instructions in order to remove this infection.