HT Logs. Tips, FAQs, Analyze.

This is an harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: tcpsr
Filename: tcpsr.sys
Registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpsr
Command: C:\WINDOWS\System32\drivers\tcpsr.sys
Startup Type: services
RSIT/Combofix log line: S3 tcpsr;tcpsr; \??\C:\WINDOWS\System32\drivers\tcpsr.sys []
Description: Rootkit.MailGrab also known as TROJ_PANDEX.CHL, looks here

How to remove: Use SDFix free trojan remover tool

This is an harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: sic32
Filename: sic32.exe
Registry key:

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce5b3fc5-8964-11dc-8106-d519e4d51f80}\shell\AutoRun\command HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce5b3fc5-8964-11dc-8106-d519e4d51f80}\shell\open\command

Command: F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sic32.exe
CLSID {ce5b3fc5-8964-11dc-8106-d519e4d51f80}
Startup Type: autorun.inf
Description: autorun.inf trojan component

How to remove: How to remove trojans that uses autorun.inf file

This is an harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: oufddh
Filename: oufddh.exe
Registry key:

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf9cdffb-887f-11dd-83c9-b13a56a6fdb8}\shell\AutoRun\command HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf9cdffb-887f-11dd-83c9-b13a56a6fdb8}\shell\explore\command HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf9cdffb-887f-11dd-83c9-b13a56a6fdb8}\shell\open\command

Command: F:\oufddh.exe
CLSID {bf9cdffb-887f-11dd-83c9-b13a56a6fdb8}
Startup Type: autorun.inf
Description: autorun.inf trojan component

How to remove: How to remove trojans that uses autorun.inf file

This is an harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: MicrSoft
Filename: MicrSoft.exe
Registry key:

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b12973a-ba55-11dd-8480-00e04c5add14}shell\AutoRun\command HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b12973a-ba55-11dd-8480-00e04c5add14}\shell\Explore\command HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b12973a-ba55-11dd-8480-00e04c5add14}\shell\Open\command

Command: c:\MicrSoft.exe
CLSID {9b12973a-ba55-11dd-8480-00e04c5add14}
Startup Type: autorun.inf
Description: autorun.inf trojan component

How to remove: How to remove trojans that uses autorun.inf file

This is an harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: ise
Filename: ise.exe
Registry key:

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a8a5363-802a-11dd-83b5-b358442cdd6a}\shell\AutoRun\command
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a8a5363-802a-11dd-83b5-b358442cdd6a}\shell\open\command

Description: autorun.inf trojan component
Startup Type: autorun.inf
Command: c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe
CLSID: {9a8a5363-802a-11dd-83b5-b358442cdd6a}

How to remove: How to remove trojans that uses autorun.inf file

This is an harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: nideiect
Filename: nideiect.com
Registry key:

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91f4a4f4-a12d-11dd-8410-00e04c5add14}\shell\AutoRun\command HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91f4a4f4-a12d-11dd-8410-00e04c5add14}\shell\explore\command HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91f4a4f4-a12d-11dd-8410-00e04c5add14}\shell\open\command

Startup Type: autorun.inf
Command: G:\nideiect.com
CLSID: {91f4a4f4-a12d-11dd-8410-00e04c5add14}
Description: autorun.inf trojan component

How to remove: How to remove trojans that uses autorun.inf file

This is an harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: autorun
Filename: autorun.exe
Registry key:

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{623d6344-d550-11dc-81ff-a1030769832c}\shell\1\command HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{623d6344-d550-11dc-81ff-a1030769832c}\shell\2\command HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{623d6344-d550-11dc-81ff-a1030769832c}\shell\AutoRun\command

Command:

F:\.\RECYCLER\RECYCLER\autorun.exe
C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\RECYCLER\autorun.exe

CLSID: {623d6344-d550-11dc-81ff-a1030769832c}
Startup Type: autorun.inf
Description: autorun.inf trojan component

How to remove: How to remove trojans that uses autorun.inf file

This is an harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: ctfmon
Filename: ctfmon.exe
Registry key:

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e8a80b0-894c-11dc-8104-87b758146119}\shell\AutoRun\command HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e8a80b0-894c-11dc-8104-87b758146119}\shell\Open\command

Command:

C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
c:\Recycled\ctfmon.exe

CLSID: {0e8a80b0-894c-11dc-8104-87b758146119}
Startup Type: autorun.inf
Description: autorun.inf trojan component

How to remove: How to remove trojans that uses autorun.inf file

This is an harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: ntde1ect
Filename: ntde1ect.com
Registry key:

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{406f7ad0-dfd8-11dc-821e-f5af76bde366}\shell\AutoRun\command HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{406f7ad0-dfd8-11dc-821e-f5af76bde366}\shell\explore\command HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{406f7ad0-dfd8-11dc-821e-f5af76bde366}\shell\open\command

Command: F:\ntde1ect.com
CLSID: {406f7ad0-dfd8-11dc-821e-f5af76bde366}
Startup Type: autorun.inf
Description: autorun.inf trojan component

How to remove: How to remove trojans that uses autorun.inf file

This is an harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: Sws05
Filename: Sws05.sys
Registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Sws05.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Sws05.sys

Description: trojan component