HT Logs. Tips, FAQs, Analyze.

ndisdrv.sys is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: ndisdrv
Filename: ndisdrv.sys
Registry key:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NDISDRV
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ndisdrv
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NDISDRV
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ndisdrv

Command: c:\windows\system32\ndisdrv.sys
Startup Type: Driver
DDS/Combofix/RSIT Line:

S3 ndisdrv;ndisdrv;\??\c:\windows\system32\ndisdrv.sys –> c:\windows\system32\ndisdrv.sys [?]

Description: trojan-rootkit also known as Mal/Rootkit-Q [Sophos]

How to remove:

Download OTM by OldTimer from here
Run OTM.
Copy, then paste the following text in “Paste Instructions for Items to be Moved” window (under the yellow bar):

:services
ndisdrv

:files
c:\windows\system32\ndisdrv.sys

:Commands
[emptytemp]
[Reboot]

Click the red Moveit! button. When the tool is finished, it will produce a report for you.
Download and run Malwarebytes` Anti-malware

H8SRT.sys is a harmful driver.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Driver name: H8SRT.sys
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\H8SRTd.sys

Command: C:\WINDOWS\system32\drivers\H8SRT[random].sys
Startup Type: Driver
Description: trojan-rootkit also known as Rootkit.TDSS.

How to remove: use these H8SRT trojan removal instructions.

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: Msqpdxserv
Filename: Msqpdxserv.sys
Registry key:

HKEY_LOCAL_MACHINE\System\Controlset001\Enum\legacy_msqpdxserv.sys

Startup Type: hidden driver
Description: Trojan msqpdxserv.sys blocks user access to security websites, web pages have a “VIMAX” ad, Google, Yahoo, MSN search results redirect you to other non related sites. Also trojan msqpdxserv.sys trojan changes the DNS server to 85.255.115.x or 85.255.112.x

How to remove: use these instructions How to remove msqpdxserv.sys trojan

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: TDSSserv
Filename: TDSSserv.sys
Registry key:

HKEY_LOCAL_MACHINE\System\Controlset001\Enum\legacy_TDSSserv.sys

Startup Type: Hidden driver
Description: TDSSserv.sys is Trojan.TDSSserv also known as Trojan Backdoor.Tidserv that uses rootkit-specific techniques designed to hide itself.

How to remove: use the instructions How to remove trojan TDSSserv (TDSSserv.sys), clbdriver.sys and seneka.sys

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: UACd
Filename: UACd.sys
Registry key:

HKEY_LOCAL_MACHINE\System\Controlset001\Enum\legacy_UACd.sys

Startup Type: hidden driver
Description: trojan that uses rootkit-specific techniques designed to hide itself.
How to remove: use the instruction How to remove windowsclick.com redirect [UACd.sys trojan]

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: gaopdxserv
Filename: gaopdxserv.sys
Registry key:

HKEY_LOCAL_MACHINE\System\Controlset001\Enum\legacy_gaopdxserv.sys

Startup Type: hidden driver
Description:variant of TDSSserv trojan (uses rootkit-specific techniques designed to hide the software presence in the system.)

How to remove: use the instruction How to remove Google searches redirect/vimax ads [gaopdxserv.sys trojan]

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: gxvxcserv
Registry key:

HKEY_LOCAL_MACHINE\System\Controlset001\Enum\legacy_gxvxcserv.sys
HKEY_LOCAL_MACHINE\System\Controlset003\Enum\legacy_gxvxcserv.sys
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gxvxcserv.sys

Command: command
Startup Type: Hidden driver
Description: troajn w32.Tidserv. The trojan uses rootkit techniques designed to hide the software presence in the system.

How to remove: use the instructions How to remove gxvxcserv.sys trojan (Google redirect virus)

This is an harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: gaopdxqltiqmuy
Filename: gaopdxqltiqmuy.sys
Command: c:\windows\system32\drivers\gaopdxqltiqmuy.sys
Startup Type: Hidden driver
Description: Rootkit/trojan component

How to remove: How to remove trojan TDSSserv (TDSSserv.sys), clbdriver.sys and seneka.sys

This is an harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: tcpsr
Filename: tcpsr.sys
Registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpsr
Command: C:\WINDOWS\System32\drivers\tcpsr.sys
Startup Type: services
RSIT/Combofix log line: S3 tcpsr;tcpsr; \??\C:\WINDOWS\System32\drivers\tcpsr.sys []
Description: Rootkit.MailGrab also known as TROJ_PANDEX.CHL, looks here

How to remove: Use SDFix free trojan remover tool