HT Logs. Tips, FAQs, Analyze.

This is an harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: promo
Filename: promo.exe
Command: c:\windows\system32\promo.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [promo.exe] c:\windows\system32\promo.exe

Description: trojan (found with WiniGuard)

How to remove: How to remove WiniGuard (Delete instructions) or Use HijackThis.

This is an harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: uacinit
Filename: uacinit.dll
Command: %windir%\System32\uacinit.dll
Startup Type: Driver
Description: component of UACd.sys trojan (windowsclick.com hijacker)

How to remove: How to remove windowsclick.com redirect [UACd.sys trojan]

This is an harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: m9ma
Filename: m9ma.exe
Registry key:

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2e1c83a-e730-11dd-80d2-001731eea33c}

CLSID: {f2e1c83a-e730-11dd-80d2-001731eea33c}
Startup Type: autorun.inf
Combofix/RSIT Line:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2e1c83a-e730-11dd-80d2-001731eea33c}]
shell\AutoRun\command – m9ma.exe
shell\explore\command – m9ma.exe
shell\open\command – m9ma.exe

Description: Trojan/Win32.Inject.ldi (W32/Backdoor2)

How to remove: How to remove trojans that uses autorun.inf file

This is an harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: nfdmg
Filename: nfdmg.com
Registry key:

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0b9b731-e792-11dd-80d3-001731eea33c}

CLSID: {a0b9b731-e792-11dd-80d3-001731eea33c}
Startup Type: autorun.inf
Combofix/RSIT Line:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0b9b731-e792-11dd-80d3-001731eea33c}]
shell\AutoRun\command – nfdmg.com
shell\explore\command – nfdmg.com
shell\open\command – nfdmg.com

Description: Trojan.Win32.VB (virus)

How to remove: How to remove nfdmg.com – trojan that uses autorun.inf file

This is an harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: wcpfvd
Filename: wcpfvd.dll
Startup Type: AppInit DLLs
HijackThis Category: O20
HijackThis Line:

O20 – AppInit_DLLs: wcpfvd.dll

Description: component of a trojan

How to remove: Use HijackThis

This is an harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: ntdll64
Filename: ntdll64.dll
Command: c:\windows\temp\ntdll64.dll
Startup Type: LSP
HijackThis Category: O10
HijackThis Line:

O10 – Unknown file in Winsock LSP: c:\windows\temp\ntdll64.dll

Description: Trojan

How to remove: How to use LSP Fix to repair Winsock 2 settings

This is an harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: msiconf
Filename: msiconf.exe
Startup Type: HKUS->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKUS\S-1-5-18\..\Run: [msiexec.exe] msiconf.exe (User ‘SYSTEM’)
O4 – HKUS\.DEFAULT\..\Run: [msiexec.exe] msiconf.exe (User ‘Default user’)

Description: Trojan

How to remove: Use HijackThis

This is an harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: mudjhftr
Filename: mudjhftr.dll
Command: rundll32.exe “%windir%\system32\mudjhftr.dll”,b
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [606a9e0b] rundll32.exe “C:\WINDOWS\system32\mudjhftr.dll”,b

Description: component of trojan Vundo

How to remove: How to remove Trojan Vundo

This is an harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: frmwrk32
Filename: frmwrk32.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [Framework Windows] frmwrk32.exe

Description: Trojan

How to remove: Use HijackThis.

This is an harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: eneticab
Filename: eneticab.dll
Command: %windir%\eneticab.dll
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [Hqefudivosogike] rundll32.exe “C:\WINDOWS\eneticab.dll”,e

Description: component of trojan Vundo

How to remove: How to remove Trojan Vundo