HT Logs. Tips, FAQs, Analyze.

jdsuml.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: jdsuml
Filename: jdsuml.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | qaswww
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Taskman

Command: C:\WINDOWS\system32\jdsuml.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [qaswww] C:\WINDOWS\system32\jdsuml.exe

DDS Line:

uRun: [qaswww] C:\WINDOWS\system32\jdsuml.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“qaswww”=C:\WINDOWS\system32\jdsuml.exe

Description: trojan also known as Malware.Virut [PCTools], W32.Virut.CF [Symantec], Trojan.Win32.Buzus.cqmu [Kaspersky Lab], Troj/Agent-LXF [Sophos], Trojan:Win32/Lethic.B

How to remove: use HijackThis + Malwarebytes` Anti-malware + Kaspersky virus removal tool

providd.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: providd
Filename: providd.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | sqlpdro

Command: C:\WINDOWS\system32\providd.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [sqlpdro] C:\WINDOWS\system32\providd.exe

DDS Line:

uRun: [sqlpdro] C:\WINDOWS\system32\providd.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“sqlpdro”=C:\WINDOWS\system32\providd.exe

Description: trojan dropper

How to remove: use HijackThis + Malwarebytes` Anti-malware + Kaspersky virus removal tool

ihaupd32.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: ihaupd32
Filename: ihaupd32.exe
Command: %UserProfile%\start menu\programs\startup\ihaupd32.exe
Startup Type: StartupFolder
HijackThis Category: O4
HijackThis Line:

O4 – Startup: ihaupd32.exe

Combofix/RSIT Line:

StartupFolder: c:\documents and settings\user\start menu\programs\startup\ihaupd32.exe

Description: trojan dropper. It installed with updxsp32.exe trojan.

How to remove: use HijackThis + Malwarebytes` Anti-malware + Kaspersky virus removal tool

updxsp32.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: updxsp32
Filename: updxsp32.exe
Command: %UserProfile%\start menu\programs\startup\updxsp32.exe
Startup Type: StartupFolder
HijackThis Category: O4
HijackThis Line:

O4 – Startup: updxsp32.exe

Combofix/RSIT Line:

StartupFolder: c:\documents and settings\user\start menu\programs\startup\updxsp32.exe

Description: Trojan.Dropper

How to remove: use HijackThis + Malwarebytes` Anti-malware + Kaspersky virus removal tool

freddy79.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: freddy79
Filename: freddy79.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | sysfbtray

Command: C:\windows\freddy79.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [sysfbtray] C:\windows\freddy79.exe

DDS Line:

mRun: [sysfbtray] C:\windows\freddy79.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“sysfbtray”=C:\windows\freddy79.exe

Description: component of Koobface worm.

How to remove: use these Koobface removal instructions.

ProtectPcs.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: ProtectPcs
Filename: ProtectPcs.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | ProtectPcs.exe

Command: C:\Program Files\ProtectPcs Software\ProtectPcs\ProtectPcs.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [ProtectPcs.exe] C:\Program Files\ProtectPcs Software\ProtectPcs\ProtectPcs.exe

DDS Line:

uRun: [ProtectPcs.exe] C:\Program Files\ProtectPcs Software\ProtectPcs\ProtectPcs.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“ProtectPcs.exe”=C:\Program Files\ProtectPcs Software\ProtectPcs\ProtectPcs.exe [2009-12-21 1638912]

Description: core component of ProtectPcs. ProtectPcs is a rogue antispyware program.

How to remove: use these ProtectPcs removal instructions.

mdefense.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: mdefense
Filename: mdefense.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Malware Defense

Command: C:\Program Files\Malware Defense\mdefense.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [Malware Defense] “C:\Program Files\Malware Defense\mdefense.exe” -noscan

DDS Line:

uRun: [Malware Defense] C:\Program Files\Malware Defense\mdefense.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“Malware Defense”=C:\Program Files\Malware Defense\mdefense.exe [2009-12-20 1756088]

Description: core component of Malware Defense. Malware Defense is a rogue antispyware program.

How to remove: use these Malware Defense removal instructions.

clspackxq.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: clspackxq
Filename: clspackxq.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | clspackxq.exe

Command: %Temp%\clspackxq.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [clspackxq.exe] c:\docume~1\user\locals~1\temp\clspackxq.exe

DDS Line:

uRun: [clspackxq.exe] c:\docume~1\user\locals~1\temp\clspackxq.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“clspackxq.exe”=c:\docume~1\user\locals~1\temp\clspackxq.exe

Description: trojan FakeAlert

How to remove: use HijackThis + Malwarebytes` Anti-malware

SysDefence.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: SysDefence
Filename: SysDefence.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | SysDefence.exe

Command: C:\Program Files\SysDefence Software\SysDefence\SysDefence.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [SysDefence.exe] C:\Program Files\SysDefence Software\SysDefence\SysDefence.exe

DDS Line:

uRun: [SysDefence.exe] C:\Program Files\SysDefence Software\SysDefence\SysDefence.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“SysDefence.exe”=C:\Program Files\SysDefence Software\SysDefence\SysDefence.exe [2009-12-17 1638912]

Description: core component of SysDefence. SysDefence is positioned as an anti-spyware software, but in reality it is a malicious program, which must be removed immediately after getting on the computer!

How to remove: use these SysDefence removal instructions.

TheDefend.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: TheDefend
Filename: TheDefend.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | TheDefend.exe

Command: C:\Program Files\TheDefend Software\TheDefend\TheDefend.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [TheDefend.exe] C:\Program Files\TheDefend Software\TheDefend\TheDefend.exe

DDS Line:

uRun: [TheDefend.exe] C:\Program Files\TheDefend Software\TheDefend\TheDefend.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“TheDefend.exe”=C:\Program Files\TheDefend Software\TheDefend\TheDefend.exe [2009-12-17 1638912]

Description: core component of TheDefend. TheDefend is positioned as a program to remove malware, but in reality it is a malicious program, which must be removed immediately after getting on the computer!

How to remove: use these TheDefend removal instructions.