It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: cryptnet32
Filename: cryptnet32.dll
Registry key:

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet32

Command: C:\WINDOWS\SYSTEM32\cryptnet32.dll
Startup Type: Winlogon->Notify
HijackThis Category: O20
HijackThis Line:

O20 – Winlogon Notify: cryptnet32 – C:\WINDOWS\SYSTEM32\cryptnet32.dll

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet32]
2010-12-08 17:31 48128 —-a-w- C:\WINDOWS\SYSTEM32\cryptnet32.dll

Description: Trojan:Win32/Lukicsel.H [Microsoft]

How to remove: use HijackThis + SUPERAntiSpyware

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: desktoplayer
Filename: desktoplayer.exe
Registry key:

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon | Userinit

Command: c:\program files\microsoft\desktoplayer.exe
Startup Type: HKLM->Winlogon->Userinit
HijackThis Category: F2
HijackThis Line:

F2 – REG:system.ini: UserInit=c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe

DDS Line:

mWinlogon: Userinit=c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe

Combofix:

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
“Userinit”=”c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe”

Description: component of Win32.ramnit trojan

How to remove: use HijackThis + Kaspersky virus removal tool

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: tskmgr
Filename: tskmgr.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | waults

Command: %AppData%\tskmgr.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Policies\Explorer\Run: [waults] C:\Documents and Settings\Username\Application Data\tskmgr.exe

Description: a trojan

How to remove: use HijackThis + Kaspersky virus removal tool

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: complmgr
Filename: complmgr.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | COM+ Manage

Command: %UserProfile%\.COMMgr\complmgr.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [COM+ Manager] “C:\Documents and Settings\Username\.COMMgr\complmgr.exe”

DDS Line:

uRun: [COM+ Manager] C:\Documents and Settings\Username\.COMMgr\complmgr.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“COM+ Manager”=C:\Documents and Settings\Username\.COMMgr\complmgr.exe

Description: trojan known as Downloader [Symantec], Trojan.Win32.Scar.bueu [Kaspersky Lab], Generic Downloader.x!dju [McAfee], Mal/Generic-L [Sophos], TrojanDownloader:Win32/Scar.B [Microsoft], Trojan.Win32.Scar [Ikarus]

How to remove: use HijackThis + Kaspersky virus removal tool or the steps below.

1. Download OTM by OldTimer from here and save to your desktop.
Run OTM, copy,then paste the following text in “Paste Instructions for Items to be Moved” window (under the yellow bar):

:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“COM+ Manager”=-

:Commands
[emptytemp]
[Reboot]

Click the red Moveit! button. If you are asked to reboot the machine choose Yes. When the tool is finished, it will produce a report for you.

2. Download Kaspersky virus removal tool. Run, perform a scan and let it remove what it found.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Filename: {RANDOM:3}.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | 3FWHZQA3LT

Command: %Temp%\{RANDOM:3}.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [3FWHZQA3LT] C:\DOCUME~1\username\LOCALS~1\Temp\Qwd.exe

DDS Line:

uRun: [3FWHZQA3LT] C:\DOCUME~1\username\LOCALS~1\Temp\Qwd.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“3FWHZQA3LT”=C:\DOCUME~1\username\LOCALS~1\Temp\Qwd.exe

Description: new variant of trojan FakeAlert that also known as Mal/FakeAV-CX [Sophos], TrojanDownloader:Win32/Renos.KF [Microsoft], Win-Trojan/Variant.183296.B [AhnLab]

How to remove: use HijackThis + Malwarebytes` Anti-malware or the steps below.

1. Download OTM by OldTimer from here and save to your desktop.
Run OTM, copy,then paste the following text in “Paste Instructions for Items to be Moved” window (under the yellow bar):

:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“3FWHZQA3LT”=-

:Commands
[emptytemp]
[Reboot]

Click the red Moveit! button. If you are asked to reboot the machine choose Yes. When the tool is finished, it will produce a report for you.

2. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Filename: {RANDOM:3}.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | ASH24SXZ9S

Command: %Temp%\{RANDOM:3}.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [ASH24SXZ9S] C:\DOCUME~1\username\LOCALS~1\Temp\Qwd.exe

DDS Line:

uRun: [ASH24SXZ9S] C:\DOCUME~1\username\LOCALS~1\Temp\Qwd.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“ASH24SXZ9S”=C:\DOCUME~1\username\LOCALS~1\Temp\Qwd.exe

Description: new variant of trojan FakeAlert that also known as Mal/FakeAV-CX [Sophos], TrojanDownloader:Win32/Renos.KF [Microsoft], Win-Trojan/Variant.183296.B [AhnLab]

How to remove: use HijackThis + Malwarebytes` Anti-malware or the steps below.

1. Download OTM by OldTimer from here and save to your desktop.
Run OTM, copy,then paste the following text in “Paste Instructions for Items to be Moved” window (under the yellow bar):

:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“ASH24SXZ9S”=-

:Commands
[emptytemp]
[Reboot]

Click the red Moveit! button. If you are asked to reboot the machine choose Yes. When the tool is finished, it will produce a report for you.

2. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: dfrgsnapnt
Filename: dfrgsnapnt.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | dfrgsnapnt.exe

Command: %TEMP%\dfrgsnapnt.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [dfrgsnapnt.exe] C:\WINDOWS\TEMP\dfrgsnapnt.exe

DDS Line:

uRun: [dfrgsnapnt.exe] C:\WINDOWS\TEMP\dfrgsnapnt.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“dfrgsnapnt.exe”=C:\WINDOWS\TEMP\dfrgsnapnt.exe

Description: trojan FakeAlert

How to remove: use HijackThis + Malwarebytes` Anti-malware

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Filename: {RANDOM:3}.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | YXE7DXCQ37

Command: %Temp%\{RANDOM:3}.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [YXE7DXCQ37] C:\DOCUME~1\username\LOCALS~1\Temp\Rch.exe

DDS Line:

uRun: [YXE7DXCQ37] C:\DOCUME~1\username\LOCALS~1\Temp\Rch.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“YXE7DXCQ37″=C:\DOCUME~1\username\LOCALS~1\Temp\Rch.exe

Description: new variant of trojan FakeAlert that also known as Mal/FakeAV-CX [Sophos], TrojanDownloader:Win32/Renos.KF [Microsoft], Win-Trojan/Variant.183296.B [AhnLab]

How to remove: use HijackThis + Malwarebytes` Anti-malware or the steps below.

1. Download OTM by OldTimer from here and save to your desktop.
Run OTM, copy,then paste the following text in “Paste Instructions for Items to be Moved” window (under the yellow bar):

:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“YXE7DXCQ37”=-

:Commands
[emptytemp]
[Reboot]

Click the red Moveit! button. If you are asked to reboot the machine choose Yes. When the tool is finished, it will produce a report for you.

2. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Filename: {RANDOM:3}.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | XBV6RD5SZF

Command: %Temp%\{RANDOM:3}.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [XBV6RD5SZF] C:\DOCUME~1\username\LOCALS~1\Temp\Ude.exe

DDS Line:

uRun: [XBV6RD5SZF] C:\DOCUME~1\username\LOCALS~1\Temp\Ude.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“XBV6RD5SZF”=C:\DOCUME~1\username\LOCALS~1\Temp\Ude.exe

Description: new variant of trojan FakeAlert that also known as Mal/FakeAV-CX [Sophos], TrojanDownloader:Win32/Renos.KF [Microsoft], Win-Trojan/Variant.183296.B [AhnLab]

How to remove: use HijackThis + Malwarebytes` Anti-malware or the steps below.

1. Download OTM by OldTimer from here and save to your desktop.
Run OTM, copy,then paste the following text in “Paste Instructions for Items to be Moved” window (under the yellow bar):

:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“XBV6RD5SZF”=-

:Commands
[emptytemp]
[Reboot]

Click the red Moveit! button. If you are asked to reboot the machine choose Yes. When the tool is finished, it will produce a report for you.

2. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: defender
Filename: defender.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | tmp

Command: %AppData%\defender.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [tmp] C:\Documents and Settings\comp\Application Data\defender.exe

DDS Line:

uRun: [tmp] C:\Documents and Settings\comp\Application Data\defender.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“tmp”=C:\Documents and Settings\comp\Application Data\defender.exe

Description: core component of Microsoft Security Essentials Alert trojan

How to remove: use the fake Microsoft Security Essentials Alert removal instructions