Archive for the 'O4' Category

What is ld16.exe, How to remove ld16.exe

Friday, December 11th, 2009

ld16.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: ld16
Filename: ld16.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | sysldtray

Command: C:\windows\ld16.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [sysldtray] C:\windows\ld16.exe

DDS Line:

mRun: [sysldtray] C:\windows\ld16.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"sysldtray"=C:\windows\ld16.exe

Description: component of Koobface worm

How to remove: use these Koobface removal instructions.

What is pp13.exe, How to remove pp13.exe

Friday, December 11th, 2009

pp13.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: pp13
Filename: pp13.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | pp

Command: C:\Windows\pp13.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [pp] C:\Windows\pp13.exe

DDS Line:

mRun: [pp] C:\Windows\pp13.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"pp"=C:\Windows\pp13.exe

Description: component of Koobface worm.

How to remove: use these Koobface removal instructions.

What is freddy76.exe, How to remove freddy76.exe

Friday, December 11th, 2009

freddy76.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: freddy76
Filename: freddy76.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | sysfbtray

Command: C:\windows\freddy76.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [sysfbtray] C:\windows\freddy76.exe

DDS Line:

mRun: [sysfbtray] C:\windows\freddy76.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"sysfbtray"=C:\windows\freddy76.exe

Description: component of Koobface worm.

How to remove: use these Koobface removal instructions.

What is IS2010.exe, How to remove IS2010.exe

Thursday, December 10th, 2009

IS2010.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: IS2010
Filename: IS2010.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Internet Security 2010

Command: C:\Program Files\InternetSecurity2010\IS2010.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe

DDS Line:

uRun: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Internet Security 2010"=C:\Program Files\InternetSecurity2010\IS2010.exe [2009-12-11 1391616]

Description: core component of Internet Security 2010. Internet Security 2010 is a rogue antispyware program.

How to remove: use these Internet Security 2010 removal instructions.

What is SiteAdware.exe, How to remove SiteAdware.exe

Thursday, December 10th, 2009

SiteAdware.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: SiteAdware
Filename: SiteAdware.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | SiteAdware.exe

Command: C:\Program Files\SiteAdware Software\SiteAdware\SiteAdware.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [SiteAdware.exe] C:\Program Files\SiteAdware Software\SiteAdware\SiteAdware.exe

DDS Line:

uRun: [SiteAdware.exe] C:\Program Files\SiteAdware Software\SiteAdware\SiteAdware.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SiteAdware.exe"=C:\Program Files\SiteAdware Software\SiteAdware\SiteAdware.exe [2009-12-11 1638912]

Description: core component of SiteAdware. SiteAdware is a rogue antispyware program.

How to remove: use these SiteAdware removal instructions.

What is mstre25.exe, How to remove mstre25.exe

Tuesday, December 8th, 2009

mstre25.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: mstre25
Filename: mstre25.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | SySmstray

Command: C:\windows\mstre25.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [SySmstray] C:\windows\mstre25.exe

DDS Line:

mRun: [SySmstray] C:\windows\mstre25.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SySmstray"=c:\windows\mstre25.exe

Description: component of Koobface worm.

How to remove: use these Koobface removal instructions.

Security Tool – [random].exe – How to remove

Tuesday, December 8th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: name
Filename: filename
Registry key:

Command: C:\Documents and Settings\All Users\Application Data\RANDOM_NUMBERS\RANDOM_NUMBERS.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [RANDOM_NUMBERS] C:\Documents and Settings\All Users\Application Data\RANDOM_NUMBERS\RANDOM_NUMBERS.exe

DDS Line:

mRun: [RANDOM_NUMBERS] C:\Documents and Settings\All Users\Application Data\RANDOM_NUMBERS\RANDOM_NUMBERS.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RANDOM_NUMBERS"=C:\Documents and Settings\All Users\Application Data\RANDOM_NUMBERS\RANDOM_NUMBERS.exe

Description: core component of Security Tool. Security Tool is a rogue antispyware program.

How to remove: use these Security Tool removal instructions.

What is AntiTroy.exe, How to remove AntiTroy.exe

Tuesday, December 8th, 2009

AntiTroy.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: AntiTroy
Filename: AntiTroy.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | antitroy.exe

Command: C:\Program Files\AntiTroy Software\AntiTroy\AntiTroy.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [antitroy.exe] C:\Program Files\AntiTroy Software\AntiTroy\AntiTroy.exe

DDS Line:

uRun: [antitroy.exe] C:\Program Files\AntiTroy Software\AntiTroy\AntiTroy.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"antitroy.exe"=C:\Program Files\AntiTroy Software\AntiTroy\AntiTroy.exe

Description: core component of AntiTroy. AntiTroy is a rogue antispyware program.

How to remove: use these AntiTroy removal instructions.

What is siszyd32.exe, How to remove siszyd32.exe

Monday, December 7th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: siszyd32
Filename: siszyd32.exe
Command: %userProfile%\start menu\programs\startup\siszyd32.exe
Startup Type: StartUp folder
HijackThis Category: O4
HijackThis Line:

O4 - Startup: siszyd32.exe

DDS Line:

StartupFolder: c:\documents and settings\user\start menu\programs\startup\siszyd32.exe

Combofix/RSIT Line:

C:\Documents and Settings\user\Start Menu\Programs\Startup
siszyd32.exe

Description: trojan

How to remove: use HijackThis + Kaspersky virus removal tool

What is av_md.exe, How to remove av_md.exe

Monday, December 7th, 2009

av_md.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: av_md
Filename: av_md.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | av_md
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | av_md

Command:

%WinDir%\system32\av_md.exe
%UserProfile%\av_md.exe

Startup Type: HKLM->Run, HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [av_md] C:\WINDOWS\system32\av_md.exe
O4 - HKCU\..\Run: [av_md] C:\Documents and Settings\user\av_md.exe
O4 - HKUS\S-1-5-18\..\Run: [av_md] C:\Documents and Settings\user\av_md.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [av_md] C:\Documents and Settings\user\av_md.exe (User 'Default user')

DDS Line:

mRun: [av_md] C:\WINDOWS\system32\av_md.exe
uRun: [av_md] C:\Documents and Settings\user\av_md.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"av_md"=C:\WINDOWS\system32\av_md.exe
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"av_md"=C:\Documents and Settings\user\av_md.exe

Description: trojan also known as Trojan.Pandex [Symantec], Backdoor.Win32.HareBot.alo [Kaspersky Lab], Mal/Generic-A [Sophos]

How to remove: use HijackThis + Kaspersky virus removal tool