mmduch.dll is a harmful program.
Name: mmduch
Filename: mmduch.dll
Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9429BB93-2DC8-4C12-83A6-91BF6B374D85}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | bipro
Command: %WinDir%\$NtUninstallMTF1011$\mmduch.dll
CLSID: {9429BB93-2DC8-4C12-83A6-91BF6B374D85}
Startup Type: BHO, HKLM->Run
HijackThis Category: O2, O4
HijackThis Line:
O2 - BHO: Sky-Banners Browser Enhancer mmduch - {9429BB93-2DC8-4C12-83A6-91BF6B374D85} - C:\Windows\$NtUninstallMTF1011$\mmduch.dll
O4 - HKLM\..\Run: [bipro] rundll32 "C:\Windows\$NtUninstallMTF1011$\mmduch.dll",,Run
DDS Line:
BHO: Sky-Banners Browser Enhancer mmduch: {9429BB93-2DC8-4C12-83A6-91BF6B374D85} - C:\Windows\$NtUninstallMTF1011$\mmduch.dll
mRun: [bipro] "C:\Windows\$NtUninstallMTF1011$\mmduch.dll",,Run
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9429BB93-2DC8-4C12-83A6-91BF6B374D85}]
Sky-Banners Browser Enhancer mmduch - C:\Windows\$NtUninstallMTF1011$\mmduch.dll
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"bipro"="C:\Windows\$NtUninstallMTF1011$\mmduch.dll",,Run
Description: component of Sky-Banners Browser Enhancer malware
How to remove: use HijackThis + Malwarebytes' Anti-malware or the steps below.
1. Download OTM by OldTimer from here and save to your desktop.
Run OTM, then copy the following text and paste it into the "Paste Instructions for Items to be Moved" window (under the yellow bar):
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9429BB93-2DC8-4C12-83A6-91BF6B374D85}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"bipro"=-
:files
%WinDir%\$NtUninstallMTF1011$\mmduch.dll
:Commands
[emptytemp]
[Reboot]
Click the red Moveit! button. If you are asked to reboot the machine, choose Yes. When the tool is finished, it will produce a report for you.
2. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).
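To confirm the cleanup, a fresh HijackThis log can be checked for the O2 and O4 lines listed in this entry. The script below is an added example, not part of the original entry: the function name, the sample log and its "Example" entries are constructed for illustration, and only the CLSID, Run value name and file name come from this page. It also normalizes the typographic quotes and dashes that web pages often substitute into pasted logs.

```python
import re

# Indicators taken from this entry.
CLSID = "{9429BB93-2DC8-4C12-83A6-91BF6B374D85}"
RUN_VALUE = "bipro"
FILE_NAME = "mmduch.dll"

# Map typographic quotes/dashes back to the ASCII characters HijackThis writes.
_TYPOGRAPHIC = str.maketrans({"\u201c": '"', "\u201d": '"', "\u2013": "-", "\u2014": "-"})

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - HKLM\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.+)$")


def scan_hijackthis_log(text):
    """Return (line_no, category, reason) for each log line matching this entry."""
    hits = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.translate(_TYPOGRAPHIC).strip()
        m = O2_RE.match(line)
        if m:
            if m["clsid"].upper() == CLSID:
                hits.append((no, "O2", "BHO CLSID"))
            elif m["path"].lower().endswith("\\" + FILE_NAME):
                hits.append((no, "O2", "file name"))
            continue
        m = O4_RE.match(line)
        if m:
            if m["value"].lower() == RUN_VALUE:
                hits.append((no, "O4", "Run value name"))
            elif FILE_NAME in m["cmd"].lower():
                hits.append((no, "O4", "file name"))
    return hits


# Constructed sample log: two benign placeholder entries plus the two lines
# from this entry (line 2 keeps typographic dashes, as pasted from a web page).
SAMPLE_LOG = r"""O2 - BHO: Example Helper - {00000000-1111-2222-3333-444444444444} - C:\Program Files\Example\helper.dll
O2 – BHO: Sky-Banners Browser Enhancer mmduch – {9429BB93-2DC8-4C12-83A6-91BF6B374D85} – C:\Windows\$NtUninstallMTF1011$\mmduch.dll
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe"
O4 - HKLM\..\Run: [bipro] rundll32 "C:\Windows\$NtUninstallMTF1011$\mmduch.dll",,Run
"""

if __name__ == "__main__":
    for no, category, reason in scan_hijackthis_log(SAMPLE_LOG):
        print(f"line {no}: {category} entry matches on {reason}")
```

An empty result on a log taken after the reboot means neither the BHO nor the Run entry is still registered.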