HT Logs. Tips, FAQs, Analyze.

This is an harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: systemntmi
Filename: systemntmi.sys
Command: C:\WINDOWS\system32\drivers\systemntmi.sys
Startup Type: Driver
RSIT/Combofix Line:

S2 systemntmi;systemntmi; \??\C:\WINDOWS\system32\drivers\systemntmi.sys []

Description: Trojan, VirTool:Win32/Cutwail.gen

This is an harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: securentm
Filename: securentm.sys
Command: C:\WINDOWS\system32\drivers\securentm.sys
Startup Type: Driver
RSIT/Combofix Line:

S2 securentm;securentm; \??\C:\WINDOWS\system32\drivers\securentm.sys []

Description: Trojan, VirTool:Win32/Cutwail.gen [microsoft]

This is an harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: port135sik
Filename: port135sik.sys
Command: C:\WINDOWS\system32\drivers\port135sik.sys
Startup Type: Driver
Combofix/RSIT Line:

S2 port135sik;port135sik; \??\C:\WINDOWS\system32\drivers\port135sik.sys []

Description: Trojan, VirTool:Win32/Cutwail.gen [microsoft]

This is an harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: ksi32sk
Filename: ksi32sk.sys
Command: C:\WINDOWS\system32\drivers\ksi32sk.sys
Startup Type: Driver
RSIT/Combofix Line:

S2 ksi32sk;ksi32sk; \??\C:\WINDOWS.0\system32\drivers\ksi32sk.sys []

Description: Trojan, VirTool:Win32/Cutwail.gen [microsoft]

This is an harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: fips32cup
Filename: fips32cup.sys
Registry key: key
Command: C:\WINDOWS\system32\drivers\fips32cup.sys
Startup Type: Driver
RSIT/Combofix Line:

S2 fips32cup;fips32cup; \??\C:\WINDOWS\system32\drivers\fips32cup.sys []

Description: Trojan component, VirTool:Win32/Cutwail.gen [microsoft]

This is an harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: amd64si
Filename: amd64si.sys
Command: C:\WINDOWS\system32\drivers\amd64si.sys
Startup Type: Driver
RSIT/Combofix Line:

S2 amd64si;amd64si; \??\C:\WINDOWS\system32\drivers\amd64si.sys []

Description: unknown trojan component

This is an harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: copy
Filename: copy.exe
Registry key:

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7c5715d-5709-11dd-93a8-0080483fe4ed}

Command: C:\WINDOWS.0\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
CLSID: e7c5715d-5709-11dd-93a8-0080483fe4ed
Startup Type: autorun.inf
Description: autorun.inf trojan component

How to remove: How to remove trojans that uses autorun.inf file

This is an harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: java2
Filename: java2.sys
Registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\java2.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\java2.sys

Command: C:\Windows\System32\java2.sys
Startup Type: SafeBoot registry key
Description: Backdoor:Win32/Haxdoor [Microsoft], Trojan-Spy.Win32.Goldun [Ikarus]

This is an harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: boot
Filename: boot.exe
Registry key:

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c7ee12a-fe37-11d5-b0e8-00804854041f}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3df1eea0-fe4d-11d5-b0ea-00804854041f}

Command: J:\boot.exe
CLSID: 1c7ee12a-fe37-11d5-b0e8-00804854041f
Startup Type: autorun.inf
Description: autorun.inf trojan component, WORM_OPASERV.T [TrendMicro]

How to remove: How to remove trojans that uses autorun.inf file

This is an harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: Setup
Filename: Setup.pif
Registry key:

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{acd4847d-9849-11dc-b2f6-9d22d1eb4b51}

Command: C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Setup.pif
CLSID: acd4847d-9849-11dc-b2f6-9d22d1eb4b51
Startup Type: autorun.inf
Description: autorun.inf trojan component, Troj/DownLd-AAP Trojan [sophos]

How to remove: How to remove trojans that uses autorun.inf file