It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: KB5625711
Filename: KB5625711.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | KB5625711.exe

Command: %AppData%\{RANDOM}\KB5625711.exe
Startup Type: HKCU->Run, Startup Folder
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [KB5625711.exe] C:\Documents and Settings\user\Application Data\692A3AB5356E8BA8D60B237EB24238F7\KB5625711.exe
O4 – Startup: Malware Destructor.lnk = C:\Documents and Settings\user\Application Data\692A3AB5356E8BA8D60B237EB24238F7\KB5625711.exe

DDS Line:

uRun: [KB5625711.exe] C:\Documents and Settings\user\Application Data\692A3AB5356E8BA8D60B237EB24238F7\KB5625711.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“KB5625711.exe”=C:\Documents and Settings\user\Application Data\692A3AB5356E8BA8D60B237EB24238F7\KB5625711.exe

Description: core component of Malware Destructor 2011 (rogue antispyware)

How to remove: use the Malware Destructor 2011 removal guide or the steps below.

1. Download HijackThis from here and save it to your desktop.

2. Run HijackThis. Main menu opens. Click to “Do a system scan only” button. After HijackThis completes the system scan, check the box to the left of the following items:

O4 – HKCU\..\Run: [KB5625711.exe] C:\Documents and Settings\user\Application Data\692A3AB5356E8BA8D60B237EB24238F7\KB5625711.exe
O4 – Startup: Malware Destructor.lnk = C:\Documents and Settings\user\Application Data\692A3AB5356E8BA8D60B237EB24238F7\KB5625711.exe

Please be very careful, do NOT check any other boxes! Next, click on Fix checked on the bottom left side of the HijackThis screen. Close HijackThis.

3. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Filename: {RANDOM:3}.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | XBV6RD5SZF

Command: %Temp%\{RANDOM:3}.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [XBV6RD5SZF] C:\DOCUME~1\username\LOCALS~1\Temp\Ude.exe

DDS Line:

uRun: [XBV6RD5SZF] C:\DOCUME~1\username\LOCALS~1\Temp\Ude.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“XBV6RD5SZF”=C:\DOCUME~1\username\LOCALS~1\Temp\Ude.exe

Description: new variant of trojan FakeAlert that also known as Mal/FakeAV-CX [Sophos], TrojanDownloader:Win32/Renos.KF [Microsoft], Win-Trojan/Variant.183296.B [AhnLab]

How to remove: use HijackThis + Malwarebytes` Anti-malware or the steps below.

1. Download OTM by OldTimer from here and save to your desktop.
Run OTM, copy,then paste the following text in “Paste Instructions for Items to be Moved” window (under the yellow bar):

:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“XBV6RD5SZF”=-

:Commands
[emptytemp]
[Reboot]

Click the red Moveit! button. If you are asked to reboot the machine choose Yes. When the tool is finished, it will produce a report for you.

2. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: AWM
Filename: AWM.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | awm

Command: %AppData%\AWM\AWM.exe
Startup Type:
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [awm] C:\Documents and Settings\username\Application Data\AWM\AWM.exe

DDS Line:

uRun: [awm] C:\Documents and Settings\username\Application Data\AWM\AWM.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“awm”=C:\Documents and Settings\username\Application Data\AWM\AWM.exe

Description: core component of AWM Antivirus

How to remove: use the AWM Antivirus removal guide or the steps below.

Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: mediafix70700en02
Filename: mediafix70700en02.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | mediafix70700en02.exe

Command: %AppData%\{RANDOM}\mediafix70700en02.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [mediafix70700en02.exe] C:\Documents and Settings\User\Application Data\CA196E3D0F2D18F19323483E318BCFD5\mediafix70700en02.exe

DDS Line:

uRun: [mediafix70700en02.exe] C:\Documents and Settings\User\Application Data\CA196E3D0F2D18F19323483E318BCFD5\mediafix70700en02.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“mediafix70700en02.exe”=C:\Documents and Settings\User\Application Data\CA196E3D0F2D18F19323483E318BCFD5\mediafix70700en02.exe

Description: core component of Antimalware Doctor (rogue antispyware)

How to remove: use the Antimalware Doctor removal guide or the steps below.

1. Download HijackThis from here and save it to your desktop.

2. Run HijackThis. Main menu opens. Click to “Do a system scan only” button. After HijackThis completes the system scan, check the box to the left of the following items:

O4 – HKCU\..\Run: [mediafix70700en02.exe] C:\Documents and Settings\User\Application Data\CA196E3D0F2D18F19323483E318BCFD5\mediafix70700en02.exe

Please be very careful, do NOT check any other boxes! Next, click on Fix checked on the bottom left side of the HijackThis screen. Close HijackThis.

3. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

It is a malware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Filename: asectool.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“AdvSecTool

Command: %UserProfile%\Application Data\asectool.exe
Startup Type: HKCU->Run
Description: rogue antivirus program

How to remove: use the Advanced Security Tool 2010 removal instructions

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: asectool
Filename: asectool.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | AdvSecTool

Command: %UserProfile%\Application Data\asectool.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [AdvSecTool] “%UserProfile%\Application Data\asectool.exe”

DDS Line:

uRun: [AdvSecTool] %UserProfile%\Application Data\asectool.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“AdvSecTool”=%UserProfile%\Application Data\asectool.exe

Description: core component of Advanced Security Tool 2010 (rogue antispyware)

How to remove: use the Advanced Security Tool 2010 removal instructions.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: ntload
Filename: ntload.exe
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | rundll32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell

Command: %Windir%\system32\ntload.exe
Startup Type: Winlogon->Shell, HKLM->Run
HijackThis Category: F2, O4
HijackThis Line:

F2 – REG:system.ini: Shell=explorer.exe C:\WINDOWS\system32\ntload.exe
O4 – HKLM\..\Run: [rundll32] C:\WINDOWS\system32\ntload.exe

Description: component of Advanced Security Tool 2010 (rogue antispyware)

How to remove: use the Advanced Security Tool 2010 removal guide or or the steps below.

1. Download HijackThis from here and save it to your desktop. Most important, in the Save dialog, rename HijackThis.exe to iexplore.exe !!!
2. Run HijackThis. Main menu opens. Click to “Do a system scan only” button. After HijackThis completes the system scan, check the box to the left of the following items:

F2 – REG:system.ini: Shell=explorer.exe C:\WINDOWS\system32\ntload.exe
O4 – HKLM\..\Run: [rundll32] C:\WINDOWS\system32\ntload.exe

Please be very careful, do NOT check any other boxes! Next, click on Fix checked on the bottom left side of the HijackThis screen. Close HijackThis.
3. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: defender
Filename: defender.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | tmp

Command: %AppData%\defender.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [tmp] C:\Documents and Settings\comp\Application Data\defender.exe

DDS Line:

uRun: [tmp] C:\Documents and Settings\comp\Application Data\defender.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“tmp”=C:\Documents and Settings\comp\Application Data\defender.exe

Description: core component of Microsoft Security Essentials Alert trojan

How to remove: use the fake Microsoft Security Essentials Alert removal instructions

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: newsecureapp70700
Filename: newsecureapp70700.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | newsecureapp70700.exe

Command: %AppData%\{RANDOM}\newsecureapp70700.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [newsecureapp70700.exe] C:\Documents and Settings\User\Application Data\788802FCB8E32AB6DD188F1B84357D9C\newsecureapp70700.exe

DDS Line:

uRun: [newsecureapp70700.exe] C:\Documents and Settings\User\Application Data\788802FCB8E32AB6DD188F1B84357D9C\newsecureapp70700.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“newsecureapp70700.exe”=C:\Documents and Settings\User\Application Data\788802FCB8E32AB6DD188F1B84357D9C\newsecureapp70700.exe

Description: core component of Antimalware Doctor. Antimalware Doctor is a rogue antispyware program.

How to remove: use the Antimalware Doctor removal instructions or the steps below.

1. Download HijackThis from here and save it to your desktop.
2. Run HijackThis. Main menu opens. Click to “Do a system scan only” button. After HijackThis completes the system scan, check the box to the left of the following items:

O4 – HKCU\..\Run: [newsecureapp70700.exe] C:\Documents and Settings\User\Application Data\{RANDOM}\newsecureapp70700.exe

Please be very careful, do NOT check any other boxes! Next, click on Fix checked on the bottom left side of the HijackThis screen. Close HijackThis.
3. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: secureapp70700
Filename: secureapp70700.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | secureapp70700.exe

Command: %AppData%\{RANDOM}\secureapp70700.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [secureapp70700.exe] C:\Documents and Settings\User\Application Data\788802FCB8E32AB6DD188F1B84357D9A\secureapp70700.exe

DDS Line:

uRun: [secureapp70700.exe] C:\Documents and Settings\User\Application Data\788802FCB8E32AB6DD188F1B84357D9A\secureapp70700.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“secureapp70700.exe”=C:\Documents and Settings\User\Application Data\788802FCB8E32AB6DD188F1B84357D9A\secureapp70700.exe

Description: core component of Antimalware Doctor. Antimalware Doctor is a rogue antispyware program.

How to remove: use the Antimalware Doctor removal instructions or the steps below.

1. Download HijackThis from here and save it to your desktop.
2. Run HijackThis. Main menu opens. Click to “Do a system scan only” button. After HijackThis completes the system scan, check the box to the left of the following items:

O4 – HKCU\..\Run: [secureapp70700.exe] C:\Documents and Settings\User\Application Data\{RANDOM}\secureapp70700.exe

Please be very careful, do NOT check any other boxes! Next, click on Fix checked on the bottom left side of the HijackThis screen. Close HijackThis.
3. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).