HT Logs. Tips, FAQs, Analyze.

This is an harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: nfdmg
Filename: nfdmg.com
Registry key:

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0b9b731-e792-11dd-80d3-001731eea33c}

CLSID: {a0b9b731-e792-11dd-80d3-001731eea33c}
Startup Type: autorun.inf
Combofix/RSIT Line:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0b9b731-e792-11dd-80d3-001731eea33c}]
shell\AutoRun\command – nfdmg.com
shell\explore\command – nfdmg.com
shell\open\command – nfdmg.com

Description: Trojan.Win32.VB (virus)

How to remove: How to remove nfdmg.com – trojan that uses autorun.inf file

This is an harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: wcpfvd
Filename: wcpfvd.dll
Startup Type: AppInit DLLs
HijackThis Category: O20
HijackThis Line:

O20 – AppInit_DLLs: wcpfvd.dll

Description: component of a trojan

How to remove: Use HijackThis

This is an harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: ntdll64
Filename: ntdll64.dll
Command: c:\windows\temp\ntdll64.dll
Startup Type: LSP
HijackThis Category: O10
HijackThis Line:

O10 – Unknown file in Winsock LSP: c:\windows\temp\ntdll64.dll

Description: Trojan

How to remove: How to use LSP Fix to repair Winsock 2 settings

This is an harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: msiconf
Filename: msiconf.exe
Startup Type: HKUS->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKUS\S-1-5-18\..\Run: [msiexec.exe] msiconf.exe (User ‘SYSTEM’)
O4 – HKUS\.DEFAULT\..\Run: [msiexec.exe] msiconf.exe (User ‘Default user’)

Description: Trojan

How to remove: Use HijackThis

This is an harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: VRM2009
Filename: VRM2009.exe
Command: C:\Program Files\VirusRemover2009\VRM2009.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [VirusRemover2009] C:\Program Files\VirusRemover2009\VRM2009.exe

Description: component of VirusRemover2009

How to remove: How to remove VirusRemover2009 (Delete instructions)

This is an harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: IEPlugin163
Filename: IEPlugin163.dll
Command: C:\Program Files\WinCleaner\modules\IEPlugin163.dll
CLSID: {2F3D01F3-2A8E-4814-AA0F-8315172D22BF}
Startup Type: BHO
HijackThis Category: O4
HijackThis Line:

O2 – BHO: AntiSyware (IE PlugIn) – {2F3D01F3-2A8E-4814-AA0F-8315172D22BF} – C:\Program Files\WinCleaner\modules\IEPlugin163.dll

Description: component of WinCleaner 2009

How to remove: How to remove WinCleaner 2009 (Delete instructions)

This is an harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: WinCleaner
Filename: WinCleaner.exe
Command: C:\Program Files\WinCleaner\WinCleaner.exe
Startup Type: Startup folder
HijackThis Category: O4
HijackThis Line:

O4 – Startup: ASC-AntiSpyware.lnk = C:\Program Files\WinCleaner\WinCleaner.exe

Description: component of WinCleaner 2009

How to remove: How to remove WinCleaner 2009 (Delete instructions)

This is an harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: SbCtri
Filename: SbCtri.exe
Registry key:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = “Explorer.exe %System%\drivers\SbCtri.exe”

Command: %WinDir%\System32\drivers\SbCtri.exe
Startup Type: Winlogon->Shell
Description: Win32/IRCBot.GF

How to remove: Use Spyware removal forum.

This is an harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: TotalVirusProtection
Filename: TotalVirusProtection.exe
Command: C:\Program Files\TotalVirusProtection\TotalVirusProtection.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [Total Virus Protection] C:\Program Files\TotalVirusProtection\TotalVirusProtection.exe

Description: component of Total Virus Protection rogue antivirus/antispyware

How to remove: How to remove Total Virus Protection (Delete instructions)

This is an harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: Malware Doctor
Filename: Malware Doctor.exe
Command: C:\Program Files\Malware Doctor\Malware Doctor.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [Alcmtr] C:\Program Files\Malware Doctor\Malware Doctor.exe

Description: component of Malware Doctor rogue antispyware

How to remove: How to remove MalwareDoc or Malware Doctor (Delete instructions)