Archive for the 'Trojan' Category

What is helper32.dll, How to remove helper32.dll

Thursday, January 7th, 2010

helper32.dll is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: helper32
Filename: helper32.dll
Command: c:\windows\system32\helper32.dll
Startup Type: LSP
HijackThis Category: O10
HijackThis Line:

O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll

DDS Line:

LSP: c:\windows\system32\helper32.dll

Description: component of trojan FakeAlert

How to remove: use these helper32.dll removal instructions.

What is winlogon32.exe, How to remove winlogon32.exe

Thursday, January 7th, 2010

winlogon32.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: winlogon32
Filename: winlogon32.exe
Registry key|value:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Userinit = "C:\WINDOWS\system32\winlogon32.exe"

Command: C:\WINDOWS\system32\winlogon32.exe
Startup Type: WinLogon->UserInit
HijackThis Category: F2
HijackThis Line:

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe

Description: component of trojan FakeAlert

How to remove: use these winlogon32.exe removal instructions.

What is smss32.exe, How to remove smss32.exe

Thursday, January 7th, 2010

smss32.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: smss32
Filename: smss32.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | smss32.exe

Command: c:\windows\system32\smss32.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe

DDS Line:

mRun: [smss32.exe] c:\windows\system32\smss32.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"smss32.exe"=c:\windows\system32\smss32.exe

Description: component of trojan FakeAlert.

How to remove: use these smss32.exe removal instructions.

What is sr882388.exe, How to remove sr882388.exe

Tuesday, January 5th, 2010

sr882388.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: sr882388
Filename: sr882388.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | ttool

Command: C:\Windows\sr882388.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [ttool] C:\Windows\sr882388.exe

DDS Line:

uRun: [ttool] C:\Windows\sr882388.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ttool"=C:\Windows\sr882388.exe

Description: trojan agent

How to remove: use HijackThis + Kaspersky virus removal tool

What is settdebugx.exe, How to remove settdebugx.exe

Wednesday, December 30th, 2009

settdebugx.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: settdebugx
Filename: settdebugx.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | settdebugx.exe

Command: %Temp%\settdebugx.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [settdebugx.exe] C:\DOCUME~1\user\LOCALS~1\Temp\settdebugx.exe

DDS Line:

uRun: [settdebugx.exe] C:\DOCUME~1\user\LOCALS~1\Temp\settdebugx.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"settdebugx.exe"=C:\DOCUME~1\user\LOCALS~1\Temp\settdebugx.exe

Description: variant of trojan FakeAlert

How to remove: use these settdebugx.exe removal instructions.

What is wivrs.exe, How to remove wivrs.exe

Sunday, December 27th, 2009

wivrs.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: wivrs
Filename: wivrs.exe
Registry key:

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{43fF72BA-F2h9-13F1-bFbf-eaKfF836gFl5}

Command: c:\windows\system32\wivrs.exe
CLSID: {43fF72BA-F2h9-13F1-bFbf-eaKfF836gFl5}
Startup Type: Microsoft active setup
DDS Line:

mASetup: {43fF72BA-F2h9-13F1-bFbf-eaKfF836gFl5} - c:\windows\system32\wivrs.exe

Combofix:

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{43fF72BA-F2h9-13F1-bFbf-eaKfF836gFl5}]
c:\windows\system32\wivrs.exe

Description: trojan

How to remove: use Windows registry editor (regedit) + Malwarebytes' Anti-Malware

What is 193.104.110.38, How to remove 193.104.110.38

Saturday, December 26th, 2009

193.104.110.38 is a malicious DNS server.

If your browser is hijacked, or Google, Yahoo, or MSN search results are redirected to unrelated sites, you should immediately check your PC using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

IP Address: 193.104.110.38
HijackThis Category: O17
HijackThis Line:

O17 - HKLM\System\CCS\Services\Tcpip\..\{1C45AC7D-FB10-4D86-9C82-ABC6221372F6}: NameServer = 193.104.110.38,4.2.2.1,192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{1C45AC7D-FB10-4D86-9C82-ABC6221372F6}: NameServer = 193.104.110.38,4.2.2.1,192.168.1.254

Malwarebytes' Anti-Malware shows infection:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1C45AC7D-FB10-4D86-9C82-ABC6221372F6}\NameServer (Trojan.DNSChanger) -> Data: 193.104.110.38

Description: 193.104.110.38 is used as a DNS server to redirect the browser to unrelated sites.

How to remove: use HijackThis + Malwarebytes' Anti-Malware

What is H8SRT.sys, How to remove H8SRT.sys

Thursday, December 24th, 2009

H8SRT.sys is a harmful driver.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Driver name: H8SRT.sys
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\H8SRTd.sys

Command: C:\WINDOWS\system32\drivers\H8SRT[random].sys
Startup Type: Driver
Description: trojan-rootkit also known as Rootkit.TDSS.

How to remove: use these H8SRT trojan removal instructions.

What is Avg.exe, How to remove Avg.exe

Wednesday, December 23rd, 2009

Avg.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: Avg
Filename: Avg.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Avg.exe

Command: C:\windows\Avg.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [Avg.exe] C:\windows\Avg.exe

DDS Line:

uRun: [Avg.exe] C:\windows\Avg.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Avg.exe"=C:\windows\Avg.exe

Description: trojan also known as Trojan-Banker.Win32.Banker.etk [Kaspersky Lab], Trojan-Banker.Win32.Banker [Ikarus], TrojanSpy:Win32/Bancos.gen!C [Microsoft], Mal/DelpBanc-A, Mal/Banspy-F, Mal/Banspy-I [Sophos]

How to remove: use HijackThis + Kaspersky virus removal tool

What is ldfrmmd.exe, How to remove ldfrmmd.exe

Wednesday, December 23rd, 2009

ldfrmmd.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: ldfrmmd
Filename: ldfrmmd.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | cximddl

Command: C:\WINDOWS\system32\ldfrmmd.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [cximddl] C:\WINDOWS\system32\ldfrmmd.exe

DDS Line:

uRun: [cximddl] C:\WINDOWS\system32\ldfrmmd.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"cximddl"=C:\WINDOWS\system32\ldfrmmd.exe

Description: trojan

How to remove: use HijackThis + Kaspersky virus removal tool