Archive for June, 2009

Installer.exe – AntivirusBEST

Sunday, June 28th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: Installer
Filename: Installer.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | AntivirusBEST

Command: C:\Documents and Settings\All Users\Application Data\AB\Installer.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [AntivirusBEST] C:\Documents and Settings\All Users\Application Data\AB\Installer.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AntivirusBEST"=C:\Documents and Settings\All Users\Application Data\AB\Installer.exe [2009-06-26 78848]

Description: main file of AntivirusBEST (rogue antispyware program)

How to remove: use these AntivirusBEST removal instructions

AdSubscribe.dll is adware

Saturday, June 27th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: AdSubscribe
Filename: AdSubscribe.dll
Registry key:

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AdSubscribe
HKEY_CLASSES_ROOT\CLSID\{82C885EE-6B87-4D51-9EF4-0CFE9FADA900}

Command: shelliconoverlayidentifiers
CLSID: clsid
Startup Type:
Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AdSubscribe]
@="{82C885EE-6B87-4D51-9EF4-0CFE9FADA900}"
[HKEY_CLASSES_ROOT\CLSID\{82C885EE-6B87-4D51-9EF4-0CFE9FADA900}]
2009-06-23 21:11 750080 ----a-w- c:\documents and settings\user\Application Data\AdSubscribe\AdSubscribe.dll
2009-06-23 21:11 . 2009-06-23 21:11 -------- d-----w- c:\documents and settings\user\Application Data\AdSubscribe
2009-06-23 21:11 . 2009-06-23 21:11 807424 ----a-w- c:\documents and settings\user\Application Data\AdSubscribe\Uninstall.exe
2009-06-23 21:11 . 2009-06-23 21:11 750080 ----a-w- c:\documents and settings\user\Application Data\AdSubscribe\AdSubscribe.dll

Description: adware also known as AdWare.FearAds, Trojan-Downloader.Win32.Adload.fib, Worm.Win32.Malware.gen

How to remove: ask for help at the Spyware removal forum.

sysmonnt – sysmonnt.exe is a spyware component

Saturday, June 27th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: sysmonnt
Filename: sysmonnt.exe
Registry key:

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sysmonnt

Command: C:\WINDOWS\System32\sysmonnt
Startup Type: startupreg
Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sysmonnt]
C:\WINDOWS\System32\sysmonnt

Description: spyware component

paumrt32.exe is a trojan

Saturday, June 27th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: paumrt32
Filename: paumrt32.exe
Registry key:

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ho29RhH5e

CLSID: startupreg
Startup Type:
Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ho29RhH5e]
paumrt32.exe

Description: Unknown trojan

85.255.112.117, 85.255.112.121 – trojan DNSChanger

Saturday, June 27th, 2009

These are IP addresses used by the DNSChanger trojan.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

HijackThis Category: O17
HijackThis Line:

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.117,85.255.112.121

Description: 85.255.112.117 and 85.255.112.121 are IP addresses used by the DNSChanger trojan

How to remove: use these trojan DNSChanger removal instructions

net.net is a trojan

Saturday, June 27th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: net
Filename: net.net
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | net

Command: C:\WINDOWS\system32\net.net
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [net] "C:\WINDOWS\system32\net.net"

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"net"=C:\WINDOWS\system32\net.net

Description: unknown trojan, usually installed with rogue antispyware software

How to remove: use HijackThis

liser.exe is a trojan

Saturday, June 27th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: liser
Filename: liser.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | kell

Command: c:\program Files\Manson\liser.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKUS\S-1-5-18\..\Run: [kell] C:\Program Files\Manson\liser.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [kell] C:\Program Files\Manson\liser.exe (User 'Default user')
O4 - HKCU\..\Run: [kell] c:\program Files\Manson\liser.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"kell"=c:\program Files\Manson\liser.exe

Description: trojan that is installed with rogue antivirus/antispyware apps.

How to remove: use Malwarebytes Antimalware

liser.dll is a trojan

Saturday, June 27th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: liser
Filename: liser.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLS

Command: c:\progra~1\Manson\liser.dll
Startup Type: AppInit DLL
HijackThis Category: O20
HijackThis Line:

O20 - AppInit_DLLs: c:\progra~1\Manson\liser.dll

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\progra~1\Manson\liser.dll"

Description: trojan agent [Malwarebytes Anti-malware]

How to remove: use Malwarebytes Antimalware

msncache is a trojan component

Saturday, June 27th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: msncache
Startup Type: Service (svchost)
Combofix/RSIT Line:

R2 msncache;msncache; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]

Description: Unknown trojan component

sopidkc.exe is a virus

Saturday, June 27th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: sopidkc
Filename: sopidkc.exe
Command: C:\WINDOWS\system32\sopidkc.exe
Startup Type: Service
HijackThis Category: O23
HijackThis Line:

O23 - Service: sopidkc Service (sopidkc) - Elecard Lt - C:\WINDOWS\system32\sopidkc.exe

Combofix/RSIT Line:

R2 sopidkc;sopidkc Service; C:\WINDOWS\system32\sopidkc.exe [2004-08-18 124928]

Description: Virus, identified as Backdoor:Win32/Refpron.gen!C [Microsoft], Troj/Comsa-C [Sophos], New Win32 [McAfee], Packed.Win32.Koblu.b [Kaspersky Lab]