Archive for the 'Startup Type' Category
Friday, March 13th, 2009
This is a harmful program.
Name: qtplugin
Filename: qtplugin.exe
Command: C:\WINDOWS\system32\qtplugin.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [RegistryMonitor1] C:\WINDOWS\system32\qtplugin.exe
Description: Trojan-Downloader.Win32.Agent.hmz Trojan
How to remove: Use HijackThis
Posted in O4, Run, Trojan
Friday, March 13th, 2009
This is a harmful program.
Name: distus40
Filename: distus40.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [qFrf32V] distus40.exe
Description: Unknown malware component
How to remove: Use HijackThis
Posted in Malware, O4, Run
Tuesday, March 10th, 2009
This is a harmful program.
Name: hdddriver
Filename: hdddriver.dll
Command: C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\Drivers\hdddriver.dll
CLSID: {8B2C743A-D44A-4A93-8233-ABEE8BF8ED62}
Startup Type: ShellServiceObjectDelayLoad
HijackThis Category: O21
HijackThis Line:
O21 - SSODL: HardwareDrivers - {8B2C743A-D44A-4A93-8233-ABEE8BF8ED62} - C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\Drivers\hdddriver.dll
Description: component of Malware Defender 2009
How to remove: use the instructions How to remove Malware Defender 2009 (Uninstall instructions)
Posted in O21, Rogue Antispyware/Antivirus, ShellServiceObjectDelayLoad
Tuesday, March 10th, 2009
This is a harmful program.
Name: install
Filename: install.exe
Registry key:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"updater"="C:\Documents and Settings\All Users\Application Data\Microsoft\Network\install.exe /u"
Command: C:\Documents and Settings\All Users\Application Data\Microsoft\Network\install.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\install.exe /u
Description: component of Malware Defender 2009
How to remove: use the instructions How to remove Malware Defender 2009 (Uninstall instructions)
Posted in O4, Rogue Antispyware/Antivirus, Run
Tuesday, March 10th, 2009
This is a harmful program.
Name: malwaredef
Filename: malwaredef.exe
Command: %programfiles%\Malware Defender 2009\malwaredef.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [malwaredef] C:\Program Files\Malware Defender 2009\malwaredef.exe
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"malwaredef"="C:\Program Files\Malware Defender 2009\malwaredef.exe"
Description: main component of Malware Defender 2009
How to remove: use the instructions How to remove Malware Defender 2009 (Uninstall instructions)
Posted in O4, Rogue Antispyware/Antivirus, Run
Friday, March 6th, 2009
This is a harmful program.
Name: proas2009
Filename: proas2009.exe
Command: C:\Documents and Settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\proas2009.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [Pro Antispyware 2009] "C:\Documents and Settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\proas2009.exe" /autorun
Description: main file of Pro Antispyware 2009
Notes: Pro Antispyware 2009 is a rogue antispyware program
How to remove: use the instructions How to remove Pro Antispyware 2009 (Antispyware Pro 2009) Delete instructions
Posted in O4, Rogue Antispyware/Antivirus, Run
Friday, March 6th, 2009
This is a harmful program.
Name: AntiSpyware Pro
Filename: AntiSpyware Pro.exe
Command: C:\Program Files\AntiSpyware Pro\AntiSpyware Pro.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [AntiSpyware Pro] "C:\Program Files\AntiSpyware Pro\AntiSpyware Pro.exe" hide
Description: main file of Antispyware Pro 2009
Notes: Antispyware Pro 2009 is a rogue antispyware program
How to remove: use the instructions How to remove Pro Antispyware 2009 (Antispyware Pro 2009) Delete instructions
Posted in O4, Rogue Antispyware/Antivirus, Run
Friday, March 6th, 2009
This is a harmful program.
Name: wdmaud
Filename: wdmaud.sys
Registry key:
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"="wdmaud.sys"
Command: C:\Windows\system32\wdmaud.sys
Startup Type: Sound drivers
Description: C:\Windows\system32\wdmaud.sys is a trojan/Google redirect also known as Rootkit.Win32.Agent.fwt. The legitimate wdmaud.sys actually exists at C:\Windows\system32\drivers\
How to remove: use the instructions How to remove Google searches redirect virus 7.7.7.0 (remove Rootkit.Win32.Agent.fwt)
Posted in Sound drivers, Trojan
Friday, March 6th, 2009
This is a harmful program.
Name: winconfig
Filename: winconfig.dll
Command: C:\Windows\System32\winconfig.dll
CLSID: {D263FA6D-84CC-48A8-9AF6-C664362B7A5B}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:
O2 - BHO: (no name) - {D263FA6D-84CC-48A8-9AF6-C664362B7A5B} - C:\Windows\System32\winconfig.dll
Description: trojan fake-alert, component of Antivirus 360
How to remove: use the instructions How to remove Antivirus 360
Posted in BHO, O2, Rogue Antispyware/Antivirus, Trojan
Sunday, March 1st, 2009
This is a harmful program.
Name: rkgnd
Filename: rkgnd.exe
Command: C:\Program Files\Common Files\System\mgnc\rkgnd.exe
Startup Type: HKLM->RunOnce
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\RunOnce: [39173992539183281] C:\Program Files\Common Files\System\mgnc\rkgnd.exe
Description: component of ANG AntiVirus 09
How to remove: use these instructions How to remove ANG AntiVirus 09 or use HijackThis
Posted in O4, Rogue Antispyware/Antivirus, RunOnce