HT Logs. Tips, FAQs, Analyze.

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: svcst
Filename: svcst.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | svchost

Command: C:\Documents and Settings\user\Application Data\svcst.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [svchost] C:\Documents and Settings\user\Application Data\svcst.exe

RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“svchost”=C:\Documents and Settings\user\Application Data\svcst.exe [2009-09-30 264192]

Description: component of trojan FakeAlert that installs rogue antispyware programs

How to remove: use Malwarebytes` Anti-malware

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: seres
Filename: seres.exe
Registry key:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | mserv

Command: %AppData%\seres.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [mserv] c:\documents and settings\username\Application Data\seres.exe

Description: trojan downloader, also known as trojan Win32/Renos, trojan Win32/FakeRean, trojan FakeAlert

How to remove: use HijackThis + use Malwarebytes` Anti-malware

restorer32_a.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: restorer32_a
Filename: restorer32_a.exe
Registry key:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | restorer32_a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | restorer32_a

Command: c:\windows\system32\restorer32_a.exe
Startup Type: HKCU->Run, HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [restorer32_a] c:\documents and settings\username\restorer32_a.exe
O4 – HKLM\..\Run: [restorer32_a] c:\windows\system32\restorer32_a.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“restorer32_a”=”c:\documents and settings\username\restorer32_a.exe” [2009-09-29 40448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“restorer32_a”=”c:\windows\system32\restorer32_a.exe” [2009-09-29 40448]

Description: trojan that installed with Antivirus Pro 2010 (rogue antispyware)

How to remove: use HijackThis + use Malwarebytes` Anti-malware

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: fio32
Filename: fio32.sys
Command: C:\Windows\system32\drivers\fio32.sys
Startup Type: Driver
Combofix/RSIT Line:

R1 fio32;fio32; \??\C:\Windows\system32\drivers\fio32.sys [2009-09-23 37632]

Description: trojan that installed by worm koobface

How to remove: use Malwarebytes` Anti-malware

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: fioo32
Startup Type: SvcHost
Combofix/RSIT Line:

R2 fioo32;fioo32; C:\Windows\sYSteM32\SvchOst.eXE [2008-01-19 21504]

Description: trojan dropper that installed by worm koobface

How to remove: use Malwarebytes` Anti-malware

iehelpmod.dll is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: iehelpmod
Filename: iehelpmod.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}

Command: C:\WINDOWS\system32\iehelpmod.dll
CLSID: {35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:

O2 – BHO: &IE Help – {35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC} – C:\WINDOWS\system32\iehelpmod.dll

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}]
&IE Help – C:\WINDOWS\system32\iehelpmod.dll [2009-09-29 336896]

Description: trojan fakeAlert that installed by Total Security rogue antispyware program

How to remove: use these Total Security removal instructions

NDISRD.sys is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: NDISRD
Filename: NDISRD.sys
Registry key:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NDISRD

Command: C:\WINDOWS\system32\drivers\NDISRD.sys
Startup Type: Driver
Combofix/RSIT Line:

S1 NDISRD;NDISRD; C:\WINDOWS\system32\drivers\NDISRD.sys [2009-06-22 24576

Description: trojan also known as TrojanDownloader, it installed with Alpha Antivirus rogue antispyware program

How to remove: use these Alpha Antivirus removal instructions

msnaoladdon.dll is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: msnaoladdon
Filename: msnaoladdon.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A77D3539-581D-450C-9E44-A84C415A6172}

Command: C:\WINDOWS\system32\msnaoladdon.dll
CLSID: {A77D3539-581D-450C-9E44-A84C415A6172}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:

O2 – BHO: (no name) – {A77D3539-581D-450C-9E44-A84C415A6172} – C:\WINDOWS\system32\msnaoladdon.dll

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A77D3539-581D-450C-9E44-A84C415A6172}]
C:\WINDOWS\system32\msnaoladdon.dll [2009-09-26 403968]

Description: trojan that installed by Alpha Antivirus (fake antivirus application)

How to remove: use these Alpha Antivirus removal instructions

NetFilter.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: NetFilter
Filename: NetFilter.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | MSDRV

Command: C:\WINDOWS\system32\NetFilter.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [MSDRV] NetFilter.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“MSDRV”=C:\WINDOWS\system32\NetFilter.exe [2009-09-23 122880]

Description: trojan that installed by Alpha Antivirus rogue antispyware program

How to remove: use these Alpha Antivirus removal instructions

wsga05.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: wsga05
Filename: wsga05.exe
Command: C:\ProgramData\gra\wsga05.exe
Description: trojan Agent installed by Green AV fake antivirus program

How to remove: use these Green AV removal instructions