HT Logs. Tips, FAQs, Analyze.

This is an harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: angpd
Filename: angpd.exe
Command: C:\Program Files\Common Files\System\mgnc\angpd.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [62964419826679261] C:\Program Files\Common Files\System\mgnc\angpd.exe

Description: component of ANG AntiVirus 09

How to remove: use the instructions How to remove ANG AntiVirus 09 (Delete instructions) or use HijackThis.

This is an harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: WiniGuard
Filename: WiniGuard.exe
Command: c:\program files\winiguard software\winiguard\WiniGuard.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [WiniGuard] “c:\program files\winiguard software\winiguard\WiniGuard.exe” -min

Description: main component of WiniGuard (rogue antispyware)

How to remove: use these instructions How to remove WiniGuard (Delete instructions)

This is an harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: baloon
Filename: baloon.exe
Command: c:\windows\system32\baloon.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [c:\windows\system32\baloon.exe] c:\windows\system32\baloon.exe

Description: trojan FakeAlert (Found with WiniGuard)

How to remove: use these instructions How to remove WiniGuard or Use HijackThis

This is an harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: cfrog
Filename: cfrog.exe
Command: c:\windows\system32\cfrog.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [c:\windows\system32\cfrog.exe] c:\windows\system32\cfrog.exe

Description: component of WiniGuard

How to remove: Use HijackThis

This is an harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: promo
Filename: promo.exe
Command: c:\windows\system32\promo.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [promo.exe] c:\windows\system32\promo.exe

Description: trojan (found with WiniGuard)

How to remove: How to remove WiniGuard (Delete instructions) or Use HijackThis.

This is an harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: xivop
Filename: xivop.exe
Command: C:\WINDOWS\xivop.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [xivop] C:\WINDOWS\xivop.exe

Description: component of unknown malware

How to remove: Use HijackThis

This is an harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: qwbqgkxr
Filename: qwbqgkxr.exe
Command: C:\WINDOWS\qwbqgkxr.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [MaG78PfJs] C:\WINDOWS\qwbqgkxr.exe

Description: component of unknown malware

How to remove: Use HijackThis

This is an harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

CLSID: {69135BDE-5FDC-4B61-98AA-82AD2091BCCC}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:

O2 – BHO: (no name) – {69135BDE-5FDC-4B61-98AA-82AD2091BCCC} – (no file)

Combofix/RSIT Line:
Description: part of SPYW_IMISERV.C, looks here

How to remove: Use HijackThis

This is an harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: uacinit
Filename: uacinit.dll
Command: %windir%\System32\uacinit.dll
Startup Type: Driver
Description: component of UACd.sys trojan (windowsclick.com hijacker)

How to remove: How to remove windowsclick.com redirect [UACd.sys trojan]

This is an harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: m9ma
Filename: m9ma.exe
Registry key:

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2e1c83a-e730-11dd-80d2-001731eea33c}

CLSID: {f2e1c83a-e730-11dd-80d2-001731eea33c}
Startup Type: autorun.inf
Combofix/RSIT Line:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2e1c83a-e730-11dd-80d2-001731eea33c}]
shell\AutoRun\command – m9ma.exe
shell\explore\command – m9ma.exe
shell\open\command – m9ma.exe

Description: Trojan/Win32.Inject.ldi (W32/Backdoor2)

How to remove: How to remove trojans that uses autorun.inf file