What is Antivirus.NET, How to remove Antivirus .NET
Antivirus .NET is a harmful program.
It is a fake security program; remove it immediately using an antivirus and antispyware program. If that does not help, ask us for help in the Spyware removal forum.
Antivirus .NET associated files and folders:
%Temp%\{RANDOM}\
%Temp%\{RANDOM}\{RANDOM}.exe
Antivirus .NET associated registry keys and values:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter | "Enabled" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | "ProxyOverride" = ""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | "ProxyServer" = "http=127.0.0.1:30215"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | "ProxyEnable" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | {RANDOM}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | {RANDOM}
Core filename: {RANDOM}.exe
Command: C:\Documents and Settings\All Users\Application Data\{RANDOM}\{RANDOM}.exe
HijackThis shows Antivirus .NET:
O4 – HKCU\..\RunOnce: [{RANDOM}] C:\Documents and Settings\All Users\Application Data\{RANDOM}\{RANDOM}.exe
Description: Antivirus .NET is a fake antivirus program that is installed by trojans without the user's knowledge or permission. When started, it performs a fake scan and states that your computer is infected with viruses, spyware and malware. Moreover, Antivirus .NET displays numerous fake security alerts and blocks the legitimate, trusted applications used on your computer. To cure your PC, the program will prompt you to purchase its full version. Most importantly, do not pay for the fake software! Instead, follow the removal guide below to remove Antivirus .NET from your computer for free using legitimate free antimalware software.
How to remove: use the Antivirus .NET removal instructions or the steps below.
1. Reboot your computer in Safe mode with networking.
2. Reset your browser's proxy settings (this malware hijacks them): run Internet Explorer and click Tools -> Internet Options. Select the Connections tab and click the LAN Settings button. Uncheck the “Use a proxy server” box. Click OK, then click OK again.
3. Download HijackThis from here and save it to your desktop.
4. Run HijackThis. Click the Scan button. After HijackThis completes the system scan, check the box to the left of the following items:
O4 – HKCU\..\Run: [{RANDOM}] %Temp%\{RANDOM}.exe
Please be very careful, do NOT check any other boxes! Next, click on Fix checked on the bottom left side of the HijackThis screen. Close HijackThis.
5. Download Malwarebytes Anti-Malware. Install it, perform a scan and let it remove what it finds. Reboot afterwards (important).
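
The indicators listed above (a proxy pointed at 127.0.0.1, and Run/RunOnce entries that start an .exe from Temp or from All Users\Application Data) can be checked against a saved HijackThis log before anything is ticked by hand. The following is an added example, not part of the original guide or of HijackThis; the sample log lines are constructed, the matching rules are assumptions drawn from the indicator list on this page, and a match is a prompt for review rather than a verdict.

```python
import re

# Constructed sample in HijackThis log format; names and paths are made up.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:30215
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [samplerun] C:\DOCUME~1\user\LOCALS~1\Temp\sampledir\samplefile.exe
O4 – HKCU\..\RunOnce: [sampleonce] C:\Documents and Settings\All Users\Application Data\sampledir\samplefile.exe
"""

# Section code, then "-" (or the en dash that web pages substitute), then the body.
ENTRY = re.compile(r"^(R[0-3]|O\d+)\s*[-\u2013]\s*(.+)$")
AUTORUN = re.compile(r"^(?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>.*?)\] (?P<cmd>.+)$")
LOOPBACK_PROXY = re.compile(r"ProxyServer\s*=\s*\S*(127\.0\.0\.1|localhost):\d+", re.I)
TEMP_DIR = re.compile(r"(\\|%)temp(\\|%)", re.I)
ALL_USERS_APPDATA = re.compile(r"\\(All Users\\Application Data|ALLUSE~1\\APPLIC~1)\\", re.I)


def review_log(text):
    """Return (reason, entry) pairs for lines matching the indicators above."""
    findings = []
    for raw in text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, process list or blank line
        section, body = m.groups()
        if section.startswith("R") and LOOPBACK_PROXY.search(body):
            findings.append(("proxy points at loopback", body))
        elif section == "O4":
            run = AUTORUN.match(body)
            if not run:
                continue  # e.g. Startup-folder entries, which have another shape
            cmd = run["cmd"]
            if ".exe" not in cmd.lower():
                continue  # this sketch only covers the .exe indicators listed
            if TEMP_DIR.search(cmd):
                findings.append(("autorun from Temp", body))
            elif ALL_USERS_APPDATA.search(cmd):
                findings.append(("autorun from All Users\\Application Data", body))
    return findings


if __name__ == "__main__":
    for reason, entry in review_log(SAMPLE_LOG):
        print(f"{reason}: {entry}")
```

Legitimate software occasionally starts from these locations too, so each flagged entry still needs to be looked at before it is fixed in HijackThis.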
February 2nd, 2011 at 9:34 am
Will system restore also work?
February 2nd, 2011 at 10:12 am
System restore did not work in Safe Mode. So, I followed the directions above, but the line of code O4 – HKCU\..\Run: [{RANDOM}] %Temp%\{RANDOM}.exe does not appear in the scan results. I pasted the log file of what it did find below. Any other suggestions would be appreciated!
Bill60137
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:59:10 AM, on 2/2/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\bmudge\Desktop\HiJackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.igoogle.com/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8992
O2 – BHO: &Yahoo! Toolbar Helper – {02478D38-C3F9-4efb-9B51-7695ECA05670} – C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 – BHO: vShare Plugin – {043C5167-00BB-4324-AF7E-62013FAEDACF} – C:\Program Files\vShare\vshare_toolbar.dll
O2 – BHO: AcroIEHelperStub – {18DF081C-E8AD-4283-A596-FA578C2EBDC3} – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 – BHO: DriveLetterAccess – {5CA3D70E-1895-11CF-8E15-001234567890} – C:\WINDOWS\system32\dla\tfswshx.dll
O2 – BHO: SkypeIEPluginBHO – {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} – C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O2 – BHO: Google Toolbar Notifier BHO – {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} – C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 – BHO: Java(tm) Plug-In 2 SSV Helper – {DBC80044-A445-435b-BC74-9C25C1C588A9} – C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 – BHO: Google Gears Helper – {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} – C:\Program Files\Google\Google Gears\Internet Explorer.5.36.0\gears.dll
O2 – BHO: JQSIEStartDetectorImpl – {E7E6F031-17CE-4C07-BC86-EABFE594F69C} – C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 – BHO: SingleInstance Class – {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} – C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 – Toolbar: Yahoo! Toolbar – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 – Toolbar: vShare Plugin – {043C5167-00BB-4324-AF7E-62013FAEDACF} – C:\Program Files\vShare\vshare_toolbar.dll
O4 – HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 – HKLM\..\Run: [x3watch] C:\Program Files\X3watch\x3watch.exe
O4 – HKLM\..\Run: [EzPrint] “C:\Program Files\Lexmark 2400 Series\ezprint.exe”
O4 – HKLM\..\Run: [lxcrmon.exe] “C:\Program Files\Lexmark 2400 Series\lxcrmon.exe”
O4 – HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 – HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 – HKLM\..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 – HKLM\..\Run: [Live! Central 2] “C:\Program Files\Creative\Creative Live! Cam\Live! Central 2\CTLVCentral2.exe” /mode2
O4 – HKLM\..\Run: [V0640Mon.exe] C:\WINDOWS\V0640Mon.exe
O4 – HKLM\..\Run: [Microsoft Default Manager] “C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe” -resume
O4 – HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] “C:\Program Files\Malwarebytes’ Anti-Malware\mbam.exe” /runcleanupscript
O4 – HKLM\..\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
O4 – HKLM\..\Run: [ccApp] “C:\Program Files\Common Files\Symantec Shared\ccApp.exe”
O4 – HKLM\..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 – HKLM\..\Run: [Adobe ARM] “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
O4 – HKLM\..\Run: [Udazewidumuh] rundll32.exe “C:\WINDOWS\esiwijehulal.dll”,Startup
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [H/PC Connection Agent] “C:\Program Files\Microsoft ActiveSync\wcescomm.exe”
O4 – HKCU\..\Run: [CreativeTaskScheduler] “C:\Program Files\Creative\Shared Files\CTSched.exe” /logon
O4 – HKCU\..\Run: [btysaybn] C:\DOCUME~1\bmudge\LOCALS~1\Temp\kbgdydgcb\bgxteausjmo.exe
O4 – HKCU\..\Run: [Xmawurixuq] rundll32.exe “C:\WINDOWS\kbmpcure.dll”,Startup
O4 – HKCU\..\Run: [QbyEjDmJqwk.exe] C:\Documents and Settings\All Users\Application Data\QbyEjDmJqwk.exe
O4 – HKCU\..\Run: [10BDSyJoqj2F] C:\Documents and Settings\All Users\Application Data\10BDSyJoqj2F.exe
O4 – HKUS\S-1-5-18\..\Run: [DWQueuedReporting] “C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe” -t (User ‘SYSTEM’)
O4 – HKUS\.DEFAULT\..\Run: [DWQueuedReporting] “C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe” -t (User ‘Default user’)
O6 – HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 – HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 – HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 – Extra button: (no name) – {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} – C:\Program Files\Google\Google Gears\Internet Explorer.5.36.0\gears.dll
O9 – Extra ‘Tools’ menuitem: &Gears Settings – {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} – C:\Program Files\Google\Google Gears\Internet Explorer.5.36.0\gears.dll
O9 – Extra button: Create Mobile Favorite – {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} – C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 – Extra button: (no name) – {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} – C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 – Extra ‘Tools’ menuitem: Create Mobile Favorite… – {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} – C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 – Extra button: Skype add-on for Internet Explorer – {898EA8C8-E7FF-479B-8935-AEC46303B9E5} – C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O9 – Extra ‘Tools’ menuitem: Skype add-on for Internet Explorer – {898EA8C8-E7FF-479B-8935-AEC46303B9E5} – C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 – Extra button: (no name) – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O15 – Trusted Zone: http://*.nwmls.com
O15 – Trusted Zone: http://*.rapmls.com
O16 – DPF: {03A89EFD-E023-7700-A22D-45F77558EB4C} (ILINCInstall77 Class) – https://lm-learnlinc-2.ilinc.com/download/ilinci77.dll
O16 – DPF: {03A89EFD-E023-8000-A22D-45F77558EB4C} (ILINCInstall80 Class) – https://lm-learnlinc-7.ilinc.com/download/ilinci80.dll
O16 – DPF: {03A89EFD-E023-8600-A22D-45F77558EB4C} (ILINCInstall86 Class) – https://content.ilinc.com/clientdownload/download/ilinci86.dll
O16 – DPF: {0854D220-A90A-466D-BC02-6683183802B7} (PrintPreview Class) – http://cren.fnismls.com/Paragon/Codebase/FNISPrintControl.cab
O16 – DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) – http://go.microsoft.com/fwlink/?linkid=39204
O16 – DPF: {21F16767-8DA7-4113-BEB0-F161B313407F} (XMirage Control) – http://www.myfamily.com/plugins/ue/Install_UE.exe
O16 – DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) – http://inst.c-wss.com/141p/html/gtdownlr.cab
O16 – DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) – C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 – DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) – http://rd1.surfernetwork.com/surferplugin.ocx
O16 – DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} – http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.5.cab
O16 – DPF: {4A57CD04-E031-4E91-A896-DD6EADAEA48D} – https://na3.salesforce.com/setup/outlook/setups2/install.cab
O16 – DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) – http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 – DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) – https://as00.estara.com/UI/proxyhttps.php?a=downloads.estara.com./&hash=b98d65a81a116cce81cf8f69d08f01b4&url=http%3A%2F%2Fd.66.155.171.22.downloads.estara.com.%2Fas%2FOneCCDM.php&template=107051&sessionid=943190085_66.155.171.22_46573&=&req=1277692458906OneCC.cab
O16 – DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) – http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1133738830671
O16 – DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) – http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 – DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} (ActiveReports Viewer2) – http://ml.sitexdata.com/farm/arview2.cab
O16 – DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) – http://www.wtmx.com/AxisCamControl.ocx
O16 – DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) – https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 – DPF: {AECD14A8-F662-11D1-A395-00805F535788} (Plotwon Control) – http://www.investors.com/member/ocx/plotwon.ocx
O16 – DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) – http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 – DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) – http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 – DPF: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} (CentrinoCheck Control) – http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/cpucheck_1_0_0_3.cab
O16 – DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} – http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/Entriq_3_4_0_15_Silent.cab
O16 – DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) – http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 – DPF: {D270FE47-4F7B-4AFF-BCF8-B023A6FF4DFA} (SystemChecker.CheckerCtrl) – http://rayac.fnismls.com/Paragon/Codebase/SystemChecker.cab
O16 – DPF: {D27CDB6E-AE6D-11CF-96B8-444553526400} – http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 – DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) – http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 – DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} – http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/NBCUniversal_1_0_0_2.cab
O16 – DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) – http://photos.msn.com/resources/neutral/controls/DigWebX2.cab?10,0,910,0
O16 – DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) – http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-latest.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{9691088A-30A7-4B61-9838-8820BF6272E8}: NameServer = 12.2.232.2,12.2.232.3
O18 – Protocol: skype-ie-addon-data – {91774881-D725-4E58-B298-07617B9B86A8} – C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O18 – Protocol: skype4com – {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} – C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 – Protocol: vsharechrome – {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} – C:\Program Files\vShare\vshare_toolbar.dll
O22 – SharedTaskScheduler: Browseui preloader – {438755C2-A8BA-11D1-B96B-00A0C90312E1} – C:\WINDOWS\system32\browseui.dll
O22 – SharedTaskScheduler: Component Categories cache daemon – {8C7461EF-2B13-11d2-BE35-3078302C2030} – C:\WINDOWS\system32\browseui.dll
O23 – Service: Apple Mobile Device – Apple Inc. – C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 – Service: Adaptive Server Anywhere – FTCS (ASANYs_FTCS) – Unknown owner – (no file)
O23 – Service: Bonjour Service – Apple Inc. – C:\Program Files\Bonjour\mDNSResponder.exe
O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 – Service: Symantec Settings Manager (ccSetMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 – Service: FLEXnet Licensing Service – Macrovision Europe Ltd. – C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 – Service: Google Update Service (gupdate1c9acb23538ff36) (gupdate1c9acb23538ff36) – Google Inc. – C:\Program Files\Google\Update\GoogleUpdate.exe
O23 – Service: Google Software Updater (gusvc) – Google – C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 – Service: iPod Service – Apple Inc. – C:\Program Files\iPod\bin\iPodService.exe
O23 – Service: Java Quick Starter (JavaQuickStarterService) – Sun Microsystems, Inc. – C:\Program Files\Java\jre6\bin\jqs.exe
O23 – Service: LiveUpdate – Symantec Corporation – C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 – Service: lxcr_device – – C:\WINDOWS\system32\lxcrcoms.exe
O23 – Service: Symantec Management Client (SmcService) – Symantec Corporation – C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 – Service: Symantec Endpoint Protection (Symantec AntiVirus) – Symantec Corporation – C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 – Service: Dell Wireless WLAN Tray Service (wltrysvc) – Unknown owner – C:\WINDOWS\System32\wltrysvc.exe
O23 – Service: Yahoo! Updater (YahooAUService) – Yahoo! Inc. – C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
O24 – Desktop Component 0: (no name) – (no file)
—
End of file – 15146 bytes
February 14th, 2011 at 6:06 am
Fix the following entries:
O4 – HKLM\..\Run: [Udazewidumuh] rundll32.exe “C:\WINDOWS\esiwijehulal.dll”,Startup
O4 – HKCU\..\Run: [btysaybn] C:\DOCUME~1\bmudge\LOCALS~1\Temp\kbgdydgcb\bgxteausjmo.exe
O4 – HKCU\..\Run: [Xmawurixuq] rundll32.exe “C:\WINDOWS\kbmpcure.dll”,Startup
O4 – HKCU\..\Run: [QbyEjDmJqwk.exe] C:\Documents and Settings\All Users\Application Data\QbyEjDmJqwk.exe
O4 – HKCU\..\Run: [10BDSyJoqj2F] C:\Documents and Settings\All Users\Application Data\10BDSyJoqj2F.exe