Archive for the 'Trojan' Category
Monday, March 30th, 2009
This is a harmful program.
Name: uxdeiect
Filename: uxdeiect.com
CLSID: {8e508249-a76f-11dd-8359-001e4cf19625}
Startup Type: autorun.inf
Combofix/RSIT Line:
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e508249-a76f-11dd-8359-001e4cf19625}]
shell\AutoRun\command - uxdeiect.com
shell\explore\command - uxdeiect.com
shell\open\command - uxdeiect.com
Description: malware (autorun.inf trojan)
How to remove: use the instructions "How to remove trojans that uses autorun.inf file" and manually remove the file.
Posted in autorun.inf, Trojan
Monday, March 30th, 2009
This is a harmful program.
Name: printer
Filename: printer.exe
CLSID: {86d2e059-9871-11dd-94d9-001e4cf19625}
Startup Type: autorun.inf
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86d2e059-9871-11dd-94d9-001e4cf19625}]
shell\Auto\command - F:\printer.exe
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\printer.exe
Description: malware (autorun.inf trojan)
How to remove: use the instructions "How to remove trojans that uses autorun.inf file" and manually remove the file.
Posted in autorun.inf, Trojan
Monday, March 30th, 2009
This is a harmful program.
Name: semo2x
Filename: semo2x.exe
Startup Type: autorun.inf
Combofix/RSIT Line:
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{638d42eb-be6f-11dd-a9f6-001e4cf19625}]
shell\AutoRun\command - semo2x.exe
shell\explore\command - semo2x.exe
shell\open\command - semo2x.exe
Description: malware (autorun.inf trojan)
How to remove: use the instructions "How to remove trojans that uses autorun.inf file" and manually remove the file.
Posted in autorun.inf, Trojan
Friday, March 13th, 2009
This is a harmful program.
Name: AutoPlay
Filename: AutoPlay.exe
Startup Type: Startup folder
HijackThis Category: O4
HijackThis Line:
O4 - S-1-5-18 Startup: AutoPlay.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoPlay.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
Description: autorun.inf trojan component
How to remove: use HijackThis and the instructions "How to remove trojans that uses autorun.inf file".
Posted in O4, Startup folder, Trojan
Friday, March 13th, 2009
This is a harmful program.
Name: qtplugin
Filename: qtplugin.exe
Command: C:\WINDOWS\system32\qtplugin.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [RegistryMonitor1] C:\WINDOWS\system32\qtplugin.exe
Description: Trojan-Downloader.Win32.Agent.hmz Trojan
How to remove: Use HijackThis
Posted in O4, Run, Trojan
Friday, March 6th, 2009
This is a harmful program.
Name: wdmaud
Filename: wdmaud.sys
Registry key:
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"="wdmaud.sys"
Command: C:\Windows\system32\wdmaud.sys
Startup Type: Sound drivers
Description: C:\Windows\system32\wdmaud.sys is a trojan (Google redirect), also known as Rootkit.Win32.Agent.fwt. The legitimate wdmaud.sys is located in C:\Windows\system32\drivers\
How to remove: use the instructions "How to remove Google searches redirect virus 7.7.7.0 (remove Rootkit.Win32.Agent.fwt)".
Posted in Sound drivers, Trojan
Friday, March 6th, 2009
This is a harmful program.
Name: winconfig
Filename: winconfig.dll
Command: C:\Windows\System32\winconfig.dll
CLSID: {D263FA6D-84CC-48A8-9AF6-C664362B7A5B}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:
O2 - BHO: (no name) - {D263FA6D-84CC-48A8-9AF6-C664362B7A5B} - C:\Windows\System32\winconfig.dll
Description: trojan fake-alert, component of Antivirus 360
How to remove: use the instructions "How to remove Antivirus 360".
Posted in BHO, O2, Rogue Antispyware/Antivirus, Trojan
Sunday, March 1st, 2009
This is a harmful program.
Name: winscenter
Filename: winscenter.exe
Command: %windir%\System32\winscenter.exe
Description: Trojan FakeAlert
How to remove: Use Malwarebytes Antimalware
Posted in Trojan
Sunday, March 1st, 2009
This is a harmful program.
Name: SysLoader
Filename: SysLoader.exe
Command: %programfiles%\SysLoader.exe
Description: trojan FakeAlert
How to remove: Use Malwarebytes Antimalware
Posted in Trojan
Sunday, March 1st, 2009
This is a harmful program.
Name: baloon
Filename: baloon.exe
Command: c:\windows\system32\baloon.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [c:\windows\system32\baloon.exe] c:\windows\system32\baloon.exe
Description: trojan FakeAlert (Found with WiniGuard)
How to remove: use the instructions "How to remove WiniGuard" or use HijackThis.
Posted in O4, Run, Trojan