HT Logs. Tips, FAQs, Analyze.

winlogon86.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: winlogon86
Filename: winlogon86.exe
Command: C:\WINDOWS\system32\winlogon86.exe
Startup Type: System.ini
HijackThis Category: F2
HijackThis Line:

F2 – REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon86.exe

Description: trojan that installed with rogue antispyware program.

How to remove: use HijackThis + Malwarebytes` Anti-malware

Win.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: Win
Filename: Win.exe
Command: C:\WINDOWS\system32\config\Win.exe
Startup Type: win.ini
HijackThis Category: F3
HijackThis Line:

F3 – REG:win.ini: run=C:\WINDOWS\system32\config\Win.exe

Description: trojan downloader

How to remove: use HijackThis + Malwarebytes` Anti-malware

winupdate86.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: winupdate86
Filename: winupdate86.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | winupdate86.exe

Command: C:\WINDOWS\system32\winupdate86.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [winupdate86.exe] C:\WINDOWS\system32\winupdate86.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“winupdate86.exe”=C:\WINDOWS\system32\winupdate86.exe

Description: trojan agent that installed with winhelper86.dll, winlogon86.exe trojans and Advanced Virus Remover (rogue antispyware program) and shows fake spyware alerts

How to remove: use these winhelper86.dll, winupdate86.exe, winlogon86.exe removal instructions.

wow64main.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: wow64main
Filename: wow64main.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | wow64main.exe

Command: %Temp%\wow64main.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [wow64main.exe] %Temp%\wow64main.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“wow64main.exe”=%Temp%\wow64main.exe [2009-10-25 1146880]

Description: trojan that installed with rogue antispyware programs

How to remove: use HijackThis + Malwarebytes` Anti-malware

tdidis32.sys is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: tdidis32
Filename: tdidis32.sys
Command: C:\WINDOWS\system32\tdidis32.sys
Startup Type: driver
Combofix/RSIT Line:

S1 tdidis32.sys;tdidis32.sys; \??\C:\WINDOWS\system32\tdidis32.sys []

Description: trojan agent also known as Rootkit.Win32.Pakes

How to remove: use SUPERAntiSpyware

logon.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: logon
Filename: logon.exe
Startup Type: system.ini
HijackThis Category: F2
HijackThis Line:

F2 – REG:system.ini: Shell=Explorer.exe logon.exe

Description: trojan that installed with a rogue antispyware program

How to remove: use HijackThis + Malwarebytes` Anti-malware

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: sysnet
Filename: sysnet.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | SysNet

Command: C:\Documents and Settings\All Users\Microsoft AData\sysnet.dll
CLSID: {13E9115E-2CB0-4CAB-91D0-507E9368ED1B}
Startup Type: ShellServiceObjectDelayLoad
HijackThis Category: O21
HijackThis Line:

O21 – SSODL: SysNet – {13E9115E-2CB0-4CAB-91D0-507E9368ED1B} – C:\Documents and Settings\All Users\Microsoft AData\sysnet.dll

RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
SysNet – {13E9115E-2CB0-4CAB-91D0-507E9368ED1B} – C:\Documents and Settings\All Users\Microsoft AData\sysnet.dll

Description: trojan agent that installed with a rogue antispyware program

How to remove: use HijackThis + Malwarebytes` Anti-malware

csrss1.dll is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: csrss1
Filename: csrss1.dll
Registry key:

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Csrss

Command: c:\windows\system32\csrss1.dll
Startup Type: Winlogon Notify
HijackThis Category: O20
HijackThis Line:

O20 – Winlogon Notify: Csrss – c:\windows\system32\csrss1.dll

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Csrss]
2009-10-20 17:31 139264 —-a-w- c:\windows\system32\csrss1.dll

Description: unknown trojan

How to remove: use HijackThis + Malwarebytes` Anti-malware

calc.dll is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: calc
Filename: calc.dll
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | calc

Command: C:\WINDOWS\system32\calc.dll
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [calc] rundll32.exe C:\WINDOWS\system32\calc.dll,_IWMPEvents@0

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“calc”=rundll32.exe C:\WINDOWS\system32\calc.dll,_IWMPEvents@0

Description: a trojan that installed with ntuser.dll trojan and scandisk.dll trojan

How to remove: use HijackThis and Malwarebytes` Anti-malware or Kaspersky virus removal tool

ntuser.dll is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: ntuser
Filename: ntuser.dll
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | calc

Command: %UserProfile%\ntuser.dll
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [calc] rundll32.exe C:\DOCUME~1\username\ntuser.dll,_IWMPEvents@0

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“calc”=rundll32.exe C:\DOCUME~1\username\ntuser.dll,_IWMPEvents@0

Description: a trojan that installed with scandisk.dll trojan

How to remove: use HijackThis and use Malwarebytes` Anti-malware or use Kaspersky virus removal tool