It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: winxn
Filename: winxn.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | WinXn

Command: %Temp%\winxn.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [WinXn] %Temp%\winxn.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“WinXn”=%Temp%\winxn.exe

Description: malware

How to remove: use HijackThis + Kaspersky virus removal tool

It is a fake security program, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Windows Troubles Remover associated files and folders:

%AppData%\Microsoft\[RANDOM CHARACTERS].exe

Windows Troubles Remover associated registry keys and values:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe | Debugger
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe | Debugger
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell = “%AppData%\Microsoft\[RANDOM CHARACTERS].exe”

Core filename: [RANDOM CHARACTERS].exe
Description:Windows Troubles Remover is a fake antivirus program that installed through the use of Microsoft Security Essentials Alert trojan without user knowledge and permission. When is started, it will perform a fake scan and state that your computer is infected with viruses, spyware and malware. Moreover, this malware will display numerous fake security alerts and block legitimate and trustful applications used on your computer. In order to cure your PC, the program will suggest you to purchase its full version. Most important, do not pay for the fake antivirus! Instead, follow the removal guide below to remove Windows Troubles Remover from your computer for free using legitimate free antimalware software.

How to remove: use the Windows Troubles Remover removal instructions.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: AntiVirus_System_2011
Filename: AntiVirus_System_2011.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | AntiVirus System 2011

Command: C:\Documents and Settings\Username\Application Data\AntiVirus System 2011\AntiVirus_System_2011.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [AntiVirus System 2011] “C:\Documents and Settings\Username\Application Data\AntiVirus System 2011\AntiVirus_System_2011.exe” /STARTUP

DDS Line:

uRun: [AntiVirus System 2011] C:\Documents and Settings\Username\Application Data\AntiVirus System 2011\AntiVirus_System_2011.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“AntiVirus System 2011″=C:\Documents and Settings\Username\Application Data\AntiVirus System 2011\AntiVirus_System_2011.exe

Description: core component of fake antivirus program named AntiVirus System 2011.

How to remove: use the AntiVirus System 2011 removal instructions.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: andy145
Filename: andy145.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | xuri49tkd

Command: C:\windows\andy145.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [xuri49tkd] C:\windows\andy145.exe

DDS Line:

mRun: [xuri49tkd] C:\windows\andy145.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“xuri49tkd”=C:\windows\andy145.exe

Description: malware

How to remove: use HijackThis + Kaspersky virus removal tool

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: cryptnet32
Filename: cryptnet32.dll
Registry key:

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet32

Command: C:\WINDOWS\SYSTEM32\cryptnet32.dll
Startup Type: Winlogon->Notify
HijackThis Category: O20
HijackThis Line:

O20 – Winlogon Notify: cryptnet32 – C:\WINDOWS\SYSTEM32\cryptnet32.dll

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet32]
2010-12-08 17:31 48128 —-a-w- C:\WINDOWS\SYSTEM32\cryptnet32.dll

Description: Trojan:Win32/Lukicsel.H [Microsoft]

How to remove: use HijackThis + SUPERAntiSpyware

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: Security_Inspector_2010
Filename: Security_Inspector_2010.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Security Inspector 2010

Command: %AppData%\Security Inspector 2010\Security_Inspector_2010.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [Security Inspector 2010] “C:\Documents and Settings\username\Application Data\Security Inspector 2010\Security_Inspector_2010.exe” /STARTUP

DDS Line:

uRun: [Security Inspector 2010] C:\Documents and Settings\username\Application Data\Security Inspector 2010\Security_Inspector_2010.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“Security Inspector 2010″=C:\Documents and Settings\username\Application Data\Security Inspector 2010\Security_Inspector_2010.exe

Description: core component of Security Inspector 2010 (rogue antispyware program)

How to remove: use the Security Inspector 2010 removal instructions or the steps below.

1. Reboot your computer in Safe mode with networking.

2. Download HijackThis from here and save it to your desktop. Before saving, in the Save dialog, rename HijackThis.exe to explorer.exe !!!

3. Run HijackThis. Main menu opens. Click to “Do a system scan only” button. After HijackThis completes the system scan, check the box to the left of the following items:

O4 – HKCU\..\Run: [Security Inspector 2010] “C:\Documents and Settings\username\Application Data\Security Inspector 2010\Security_Inspector_2010.exe” /STARTUP

Please be very careful, do NOT check any other boxes! Next, click on Fix checked on the bottom left side of the HijackThis screen. Close HijackThis.

4. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: AntiVirus_Solution_2010
Filename: AntiVirus_Solution_2010.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | AntiVirus Solution 2010

Command: %AppData%\AntiVirus Solution 2010\AntiVirus_Solution_2010.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [AntiVirus Solution 2010] “C:\Documents and Settings\username\Application Data\AntiVirus Solution 2010\AntiVirus_Solution_2010.exe” /STARTUP

DDS Line:

uRun: [AntiVirus Solution 2010] C:\Documents and Settings\username\Application Data\AntiVirus Solution 2010\AntiVirus_Solution_2010.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“AntiVirus Solution 2010″=C:\Documents and Settings\username\Application Data\AntiVirus Solution 2010\AntiVirus_Solution_2010.exe

Description: core component of AntiVirus Solution 2010 (fake antivirus)

How to remove: use the AntiVirus Solution 2010 removal instructions or the steps below.

1. Reboot your computer in Safe mode with networking.

2. Download HijackThis from here and save it to your desktop. Before saving, in the Save dialog, rename HijackThis.exe to explorer.exe !!!

3. Run HijackThis. Main menu opens. Click to “Do a system scan only” button. After HijackThis completes the system scan, check the box to the left of the following items:

O4 – HKCU\..\Run: [AntiVirus Solution 2010] “C:\Documents and Settings\username\Application Data\AntiVirus Solution 2010\AntiVirus_Solution_2010.exe” /STARTUP

Please be very careful, do NOT check any other boxes! Next, click on Fix checked on the bottom left side of the HijackThis screen. Close HijackThis.

4. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: dirhuntsetup70700
Filename: dirhuntsetup70700.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | dirhuntsetup70700.exe

Command: %AppData%\{RANDOM}\dirhuntsetup70700.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [dirhuntsetup70700.exe] C:\Documents and Settings\User\Application Data\B76257BB6A9ED845C357E1FB3A384BA1\dirhuntsetup70700.exe

DDS Line:

uRun: [dirhuntsetup70700.exe] C:\Documents and Settings\User\Application Data\B76257BB6A9ED845C357E1FB3A384BA1\dirhuntsetup70700.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“dirhuntsetup70700.exe”=C:\Documents and Settings\User\Application Data\B76257BB6A9ED845C357E1FB3A384BA1\dirhuntsetup70700.exe

Description: core component of Antimalware Doctor (rogue antispyware)

How to remove: use the Antimalware Doctor removal guide or the steps below.

1. Download HijackThis from here and save it to your desktop.

2. Run HijackThis. Main menu opens. Click to “Do a system scan only” button. After HijackThis completes the system scan, check the box to the left of the following items:

O4 – HKCU\..\Run: [dirhuntsetup70700.exe] C:\Documents and Settings\User\Application Data\B76257BB6A9ED845C357E1FB3A384BA1\dirhuntsetup70700.exe

Please be very careful, do NOT check any other boxes! Next, click on Fix checked on the bottom left side of the HijackThis screen. Close HijackThis.

3. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: desktoplayer
Filename: desktoplayer.exe
Registry key:

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon | Userinit

Command: c:\program files\microsoft\desktoplayer.exe
Startup Type: HKLM->Winlogon->Userinit
HijackThis Category: F2
HijackThis Line:

F2 – REG:system.ini: UserInit=c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe

DDS Line:

mWinlogon: Userinit=c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe

Combofix:

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
“Userinit”=”c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe”

Description: component of Win32.ramnit trojan

How to remove: use HijackThis + Kaspersky virus removal tool

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: terrapoint700x0main
Filename: terrapoint700x0main.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | terrapoint700x0main.exe

Command: %AppData%\{RANDOM}\terrapoint700x0main.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [terrapoint700x0main.exe] C:\Documents and Settings\User\Application Data\CA196E3D0F2D18F19323483E318BCFD5\terrapoint700x0main.exe

DDS Line:

uRun: [terrapoint700x0main.exe] C:\Documents and Settings\User\Application Data\CA196E3D0F2D18F19323483E318BCFD5\terrapoint700x0main.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“terrapoint700x0main.exe”=C:\Documents and Settings\User\Application Data\CA196E3D0F2D18F19323483E318BCFD5\terrapoint700x0main.exe

Description: core component of Antimalware Doctor (rogue antispyware)

How to remove: use the Antimalware Doctor removal guide or the steps below.

1. Download HijackThis from here and save it to your desktop.

2. Run HijackThis. Main menu opens. Click to “Do a system scan only” button. After HijackThis completes the system scan, check the box to the left of the following items:

O4 – HKCU\..\Run: [terrapoint700x0main.exe] C:\Documents and Settings\User\Application Data\CA196E3D0F2D18F19323483E318BCFD5\terrapoint700x0main.exe

Please be very careful, do NOT check any other boxes! Next, click on Fix checked on the bottom left side of the HijackThis screen. Close HijackThis.

3. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).