Archive for the 'Startup Type' Category

AV1i.exe is a component of Anti-virus-1

Thursday, February 19th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: AV1i
Filename: AV1i.exe
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Monitor calibration"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Drives swap"

Command: C:\Documents and Settings\All Users\Application Data\AV1\AV1i.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [Monitor calibration] C:\Documents and Settings\All Users\Application Data\AV1\AV1i.exe
O4 - HKLM\..\Run: [Drives swap] C:\Documents and Settings\All Users\Application Data\AV1\AV1i.exe

Description: component of Anti-virus-1 and Anti-virus number 1

How to remove: How to remove Anti-virus-1 (Delete instructions)

QWProtect.dll is a component of Anti-virus-1

Thursday, February 19th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: QWProtect
Filename: QWProtect.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{70FEAD04-A7FD-4B89-B814-8A8251C90EF7}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D187DFF-423F-41d3-A331-A60DE5886675}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2182220D-AA70-4764-B4E6-1F5BBA322C9C}

Command: C:\Documents and Settings\All Users\Application Data\AV1\QWProtect.dll
CLSID:

{70FEAD04-A7FD-4B89-B814-8A8251C90EF7}
{8D187DFF-423F-41d3-A331-A60DE5886675}
{2182220D-AA70-4764-B4E6-1F5BBA322C9C}

Startup Type: BHO
HijackThis Category: O2
HijackThis Line:

O2 - BHO: QWProtectBHO - {70FEAD04-A7FD-4B89-B814-8A8251C90EF7} - C:\Documents and Settings\All Users\Application Data\AV1\QWProtect.dll
O2 - BHO: QWProtectBHO - {8D187DFF-423F-41d3-A331-A60DE5886675} - C:\Documents and Settings\All Users\Application Data\AV1\QWProtect.dll
O2 - BHO: QWProtectBHO - {2182220D-AA70-4764-B4E6-1F5BBA322C9C} - C:\Documents and Settings\All Users\Application Data\N1\QWProtect.dll

Description: component of Anti-virus-1 and Anti-virus number 1

How to remove: How to remove Anti-virus-1 (Delete instructions)

mudjhftr.dll is a component of trojan Vundo

Sunday, February 15th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: mudjhftr
Filename: mudjhftr.dll
Command: rundll32.exe "%windir%\system32\mudjhftr.dll",b
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [606a9e0b] rundll32.exe "C:\WINDOWS\system32\mudjhftr.dll",b

Description: component of trojan Vundo

How to remove: How to remove Trojan Vundo

frmwrk32.exe is a trojan

Sunday, February 15th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: frmwrk32
Filename: frmwrk32.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe

Description: Trojan

How to remove: Use HijackThis.

eneticab.dll is a component of trojan Vundo

Sunday, February 15th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: eneticab
Filename: eneticab.dll
Command: %windir%\eneticab.dll
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [Hqefudivosogike] rundll32.exe "C:\WINDOWS\eneticab.dll",e

Description: component of trojan Vundo

How to remove: How to remove Trojan Vundo

Uguguyirog.dll is a component of trojan Vundo

Sunday, February 15th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: Uguguyirog
Filename: Uguguyirog.dll
Command: %windir%\Uguguyirog.dll
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [Bvaduyokuyepe] rundll32.exe "C:\WINDOWS\Uguguyirog.dll",e

Description: component of trojan Vundo

How to remove: How to remove Trojan Vundo

prunnet.exe is a trojan downloader

Sunday, February 15th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: prunnet
Filename: prunnet.exe
Command: %windir%\system32\prunnet.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"

Description: trojan downloader

How to remove: Use Malwarebytes Antimalware

lkxcqdb.bat is a component of autorun.inf virus

Sunday, February 15th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: lkxcqdb
Filename: lkxcqdb.bat
Command: E:\lkxcqdb.bat
CLSID: {df709192-1538-11dd-bc9a-0011675aabad}
Startup Type: autorun.inf

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{df709192-1538-11dd-bc9a-0011675aabad}]
shell\AutoRun\command - E:\lkxcqdb.bat
shell\explore\command - E:\lkxcqdb.bat
shell\open\command - E:\lkxcqdb.bat

Description: component of autorun.inf virus

How to remove: How to remove lkxcqdb.bat – trojan that uses autorun.inf file

gy.cmd is a component of autorun.inf virus

Saturday, February 14th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: gy
Filename: gy.cmd
CLSID: {b75b8d74-94b1-11dc-bb7c-00c09fcd8ea0}
Startup Type: autorun.inf

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b75b8d74-94b1-11dc-bb7c-00c09fcd8ea0}]
shell\AutoRun\command - gy.cmd
shell\explore\command - gy.cmd
shell\open\command - gy.cmd

Description: component of autorun.inf virus

How to remove: How to remove gy.cmd – trojan that uses autorun.inf file

itsduel.exe is a component of autorun.inf virus

Saturday, February 14th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: itsduel
Filename: itsduel.exe
Command: E:\itsduel.exe
CLSID: {98ffd239-a6ee-11dd-bd91-00c09fcd8ea0}
Startup Type: autorun.inf
Combofix/RSIT Line:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98ffd239-a6ee-11dd-bd91-00c09fcd8ea0}]
shell\AutoRun\command - E:\itsduel.exe
shell\explore\command - E:\itsduel.exe
shell\open\command - E:\itsduel.exe

Description: component of autorun.inf virus

How to remove: How to remove itsduel.exe – trojan that uses autorun.inf file