What is Antivirus.NET, How to remove Antivirus .NET


Antivirus .NET is a harmful program.

It is a fake security program; you should remove it immediately using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Antivirus .NET associated files and folders:

%Temp%\{RANDOM}\
%Temp%\{RANDOM}\{RANDOM}.exe

Antivirus .NET associated registry keys and values:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter | "Enabled" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | "ProxyOverride" = ""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | "ProxyServer" = "http=127.0.0.1:30215"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | "ProxyEnable" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | {RANDOM}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | {RANDOM}

Core filename: {RANDOM}.exe
Command: C:\Documents and Settings\All Users\Application Data\{RANDOM}\{RANDOM}.exe
HijackThis shows Antivirus .NET:

O4 – HKCU\..\RunOnce: [{RANDOM}] C:\Documents and Settings\All Users\Application Data\{RANDOM}\{RANDOM}.exe

Description: Antivirus .NET is a fake antivirus program that is installed by trojans without the user's knowledge or permission. When started, it performs a fake scan and states that your computer is infected with viruses, spyware and malware. Moreover, Antivirus .NET displays numerous fake security alerts and blocks all the legitimate and trusted applications used on your computer. In order to cure your PC, the program suggests that you purchase its full version. Most important, do not pay for the fake software! Instead, follow the removal guide below to remove Antivirus .NET from your computer for free using legitimate free antimalware software.

How to remove: use the Antivirus .NET removal instructions or the steps below.

1. Reboot your computer in Safe mode with networking.
2. Reset the proxy settings of your browser (this malware hijacks them): run Internet Explorer and click Tools -> Internet Options. Select the Connections tab and click the LAN Settings button. Uncheck the "Use a proxy server" box. Click OK, then click OK again.
3. Download HijackThis from here and save it to your desktop.
4. Run HijackThis. Click the Scan button. After HijackThis completes the system scan, check the box to the left of the following items:

O4 – HKCU\..\Run: [{RANDOM}] %Temp%\{RANDOM}.exe

Please be very careful, do NOT check any other boxes! Next, click on Fix checked on the bottom left side of the HijackThis screen. Close HijackThis.
5. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).
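
A triage aid for step 4, added here as an example and not part of the original guide or of HijackThis: it scans a saved HijackThis log for the indicators listed above (autorun executables under Temp or All Users\Application Data, and a loopback ProxyServer value). The function names and sample log lines are constructed for illustration, and a match is a lead to review, not a verdict.

```python
import re

# Real HijackThis logs use "-"; blog software often turns it into an en dash.
DASH = r"\s+[-\u2013]\s+"
O4_RE = re.compile(r"^O4" + DASH + r"(\S+)\\\.\.\\(Run(?:Once)?):\s+\[([^\]]*)\]\s+(.+)$")
PROXY_RE = re.compile(r"^R[01]" + DASH + r".*\\Internet Settings,ProxyServer\s*=\s*(\S+)$", re.I)
LOOPBACK_RE = re.compile(r"(?:^|=)(?:127\.0\.0\.1|localhost):\d+", re.I)
QUOTES = str.maketrans({"\u201c": '"', "\u201d": '"', "\u2033": '"'})

# Drop locations named in the guide, in long and 8.3 short form (assumed XP paths).
SUSPECT_DIRS = ("%temp%\\", "\\local settings\\temp\\", "\\locals~1\\temp\\",
                "\\all users\\application data\\")

# Constructed sample lines; the entry names and paths are made up for this example.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:30215
O4 - HKLM\..\Run: [ExampleTray] C:\WINDOWS\system32\exampletray.exe
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe" -resume
O4 - HKCU\..\Run: [abcdwxyz] C:\DOCUME~1\user\LOCALS~1\Temp\qwertyui\zxcvbnm.exe
O4 - HKCU\..\RunOnce: [abcdwxyz] C:\Documents and Settings\All Users\Application Data\abcdwxyz\abcdwxyz.exe
"""

def target_path(cmd):
    """Return the executable path from an autorun command line, lower-cased."""
    cmd = cmd.strip().translate(QUOTES)
    if cmd.startswith('"'):                      # quoted path, arguments follow
        return cmd[1:].split('"', 1)[0].lower()
    m = re.match(r"(.+?\.exe)\b", cmd, re.I)     # unquoted path may contain spaces
    return (m.group(1) if m else cmd).lower()

def triage(log_text):
    """Return (category, detail) tuples for lines matching the guide's indicators."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            hive, key, name, cmd = m.groups()
            path = target_path(cmd)
            # Autorun executable living in a temp or shared app-data folder.
            if path.endswith(".exe") and any(d in path for d in SUSPECT_DIRS):
                findings.append(("autorun", f"{hive}\\..\\{key} [{name}] {path}"))
            continue
        m = PROXY_RE.match(line)
        # Browser proxy pointed at a local port, as in the ProxyServer value above.
        if m and LOOPBACK_RE.search(m.group(1)):
            findings.append(("proxy", m.group(1)))
    return findings

if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(category, detail)
```

Entries it flags still need to be checked by hand before using Fix checked, since legitimate software occasionally starts from these folders.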

3 Responses to “What is Antivirus.NET, How to remove Antivirus .NET”

  1. Bill60137 Says:

    Will system restore also work?

  2. bill60137 Says:

    System restore did not work in Safe Mode. So, I followed the directions above, but the line of code O4 – HKCU\..\Run: [{RANDOM}] %Temp%\{RANDOM}.exe does not appear in the scan results. I pasted the log file of what it did find below. Any other suggestions would be appreciated!
    Bill60137

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:59:10 AM, on 2/2/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Safe mode with network support

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\bmudge\Desktop\HiJackThis.exe

    R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
    R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.igoogle.com/
    R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 – HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
    R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8992
    O2 – BHO: &Yahoo! Toolbar Helper – {02478D38-C3F9-4efb-9B51-7695ECA05670} – C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 – BHO: vShare Plugin – {043C5167-00BB-4324-AF7E-62013FAEDACF} – C:\Program Files\vShare\vshare_toolbar.dll
    O2 – BHO: AcroIEHelperStub – {18DF081C-E8AD-4283-A596-FA578C2EBDC3} – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 – BHO: DriveLetterAccess – {5CA3D70E-1895-11CF-8E15-001234567890} – C:\WINDOWS\system32\dla\tfswshx.dll
    O2 – BHO: SkypeIEPluginBHO – {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} – C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
    O2 – BHO: Google Toolbar Notifier BHO – {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} – C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 – BHO: Java(tm) Plug-In 2 SSV Helper – {DBC80044-A445-435b-BC74-9C25C1C588A9} – C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 – BHO: Google Gears Helper – {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} – C:\Program Files\Google\Google Gears\Internet Explorer.5.36.0\gears.dll
    O2 – BHO: JQSIEStartDetectorImpl – {E7E6F031-17CE-4C07-BC86-EABFE594F69C} – C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 – BHO: SingleInstance Class – {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} – C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
    O3 – Toolbar: Yahoo! Toolbar – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 – Toolbar: vShare Plugin – {043C5167-00BB-4324-AF7E-62013FAEDACF} – C:\Program Files\vShare\vshare_toolbar.dll
    O4 – HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
    O4 – HKLM\..\Run: [x3watch] C:\Program Files\X3watch\x3watch.exe
    O4 – HKLM\..\Run: [EzPrint] “C:\Program Files\Lexmark 2400 Series\ezprint.exe”
    O4 – HKLM\..\Run: [lxcrmon.exe] “C:\Program Files\Lexmark 2400 Series\lxcrmon.exe”
    O4 – HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 – HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 – HKLM\..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
    O4 – HKLM\..\Run: [Live! Central 2] “C:\Program Files\Creative\Creative Live! Cam\Live! Central 2\CTLVCentral2.exe” /mode2
    O4 – HKLM\..\Run: [V0640Mon.exe] C:\WINDOWS\V0640Mon.exe
    O4 – HKLM\..\Run: [Microsoft Default Manager] “C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe” -resume
    O4 – HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] “C:\Program Files\Malwarebytes’ Anti-Malware\mbam.exe” /runcleanupscript
    O4 – HKLM\..\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
    O4 – HKLM\..\Run: [ccApp] “C:\Program Files\Common Files\Symantec Shared\ccApp.exe”
    O4 – HKLM\..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
    O4 – HKLM\..\Run: [Adobe ARM] “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
    O4 – HKLM\..\Run: [Udazewidumuh] rundll32.exe “C:\WINDOWS\esiwijehulal.dll”,Startup
    O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 – HKCU\..\Run: [H/PC Connection Agent] “C:\Program Files\Microsoft ActiveSync\wcescomm.exe”
    O4 – HKCU\..\Run: [CreativeTaskScheduler] “C:\Program Files\Creative\Shared Files\CTSched.exe” /logon
    O4 – HKCU\..\Run: [btysaybn] C:\DOCUME~1\bmudge\LOCALS~1\Temp\kbgdydgcb\bgxteausjmo.exe
    O4 – HKCU\..\Run: [Xmawurixuq] rundll32.exe “C:\WINDOWS\kbmpcure.dll”,Startup
    O4 – HKCU\..\Run: [QbyEjDmJqwk.exe] C:\Documents and Settings\All Users\Application Data\QbyEjDmJqwk.exe
    O4 – HKCU\..\Run: [10BDSyJoqj2F] C:\Documents and Settings\All Users\Application Data\10BDSyJoqj2F.exe
    O4 – HKUS\S-1-5-18\..\Run: [DWQueuedReporting] “C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe” -t (User ‘SYSTEM’)
    O4 – HKUS\.DEFAULT\..\Run: [DWQueuedReporting] “C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe” -t (User ‘Default user’)
    O6 – HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 – HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 – HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
    O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 – Extra button: (no name) – {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} – C:\Program Files\Google\Google Gears\Internet Explorer.5.36.0\gears.dll
    O9 – Extra ‘Tools’ menuitem: &Gears Settings – {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} – C:\Program Files\Google\Google Gears\Internet Explorer.5.36.0\gears.dll
    O9 – Extra button: Create Mobile Favorite – {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} – C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 – Extra button: (no name) – {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} – C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 – Extra ‘Tools’ menuitem: Create Mobile Favorite… – {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} – C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 – Extra button: Skype add-on for Internet Explorer – {898EA8C8-E7FF-479B-8935-AEC46303B9E5} – C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
    O9 – Extra ‘Tools’ menuitem: Skype add-on for Internet Explorer – {898EA8C8-E7FF-479B-8935-AEC46303B9E5} – C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
    O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 – Extra button: (no name) – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 – Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
    O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
    O15 – Trusted Zone: http://*.nwmls.com
    O15 – Trusted Zone: http://*.rapmls.com
    O16 – DPF: {03A89EFD-E023-7700-A22D-45F77558EB4C} (ILINCInstall77 Class) – https://lm-learnlinc-2.ilinc.com/download/ilinci77.dll
    O16 – DPF: {03A89EFD-E023-8000-A22D-45F77558EB4C} (ILINCInstall80 Class) – https://lm-learnlinc-7.ilinc.com/download/ilinci80.dll
    O16 – DPF: {03A89EFD-E023-8600-A22D-45F77558EB4C} (ILINCInstall86 Class) – https://content.ilinc.com/clientdownload/download/ilinci86.dll
    O16 – DPF: {0854D220-A90A-466D-BC02-6683183802B7} (PrintPreview Class) – http://cren.fnismls.com/Paragon/Codebase/FNISPrintControl.cab
    O16 – DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) – http://go.microsoft.com/fwlink/?linkid=39204
    O16 – DPF: {21F16767-8DA7-4113-BEB0-F161B313407F} (XMirage Control) – http://www.myfamily.com/plugins/ue/Install_UE.exe
    O16 – DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) – http://inst.c-wss.com/141p/html/gtdownlr.cab
    O16 – DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) – C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
    O16 – DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) – http://rd1.surfernetwork.com/surferplugin.ocx
    O16 – DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} – http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.5.cab
    O16 – DPF: {4A57CD04-E031-4E91-A896-DD6EADAEA48D} – https://na3.salesforce.com/setup/outlook/setups2/install.cab
    O16 – DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) – http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
    O16 – DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) – https://as00.estara.com/UI/proxyhttps.php?a=downloads.estara.com./&hash=b98d65a81a116cce81cf8f69d08f01b4&url=http%3A%2F%2Fd.66.155.171.22.downloads.estara.com.%2Fas%2FOneCCDM.php&template=107051&sessionid=943190085_66.155.171.22_46573&=&req=1277692458906OneCC.cab
    O16 – DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) – http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1133738830671
    O16 – DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) – http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 – DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} (ActiveReports Viewer2) – http://ml.sitexdata.com/farm/arview2.cab
    O16 – DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) – http://www.wtmx.com/AxisCamControl.ocx
    O16 – DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) – https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 – DPF: {AECD14A8-F662-11D1-A395-00805F535788} (Plotwon Control) – http://www.investors.com/member/ocx/plotwon.ocx
    O16 – DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) – http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
    O16 – DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) – http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 – DPF: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} (CentrinoCheck Control) – http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/cpucheck_1_0_0_3.cab
    O16 – DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} – http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/Entriq_3_4_0_15_Silent.cab
    O16 – DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) – http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    O16 – DPF: {D270FE47-4F7B-4AFF-BCF8-B023A6FF4DFA} (SystemChecker.CheckerCtrl) – http://rayac.fnismls.com/Paragon/Codebase/SystemChecker.cab
    O16 – DPF: {D27CDB6E-AE6D-11CF-96B8-444553526400} – http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 – DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) – http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 – DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} – http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/NBCUniversal_1_0_0_2.cab
    O16 – DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) – http://photos.msn.com/resources/neutral/controls/DigWebX2.cab?10,0,910,0
    O16 – DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) – http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-latest.cab
    O17 – HKLM\System\CCS\Services\Tcpip\..\{9691088A-30A7-4B61-9838-8820BF6272E8}: NameServer = 12.2.232.2,12.2.232.3
    O18 – Protocol: skype-ie-addon-data – {91774881-D725-4E58-B298-07617B9B86A8} – C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
    O18 – Protocol: skype4com – {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} – C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 – Protocol: vsharechrome – {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} – C:\Program Files\vShare\vshare_toolbar.dll
    O22 – SharedTaskScheduler: Browseui preloader – {438755C2-A8BA-11D1-B96B-00A0C90312E1} – C:\WINDOWS\system32\browseui.dll
    O22 – SharedTaskScheduler: Component Categories cache daemon – {8C7461EF-2B13-11d2-BE35-3078302C2030} – C:\WINDOWS\system32\browseui.dll
    O23 – Service: Apple Mobile Device – Apple Inc. – C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 – Service: Adaptive Server Anywhere – FTCS (ASANYs_FTCS) – Unknown owner – (no file)
    O23 – Service: Bonjour Service – Apple Inc. – C:\Program Files\Bonjour\mDNSResponder.exe
    O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 – Service: Symantec Settings Manager (ccSetMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 – Service: FLEXnet Licensing Service – Macrovision Europe Ltd. – C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 – Service: Google Update Service (gupdate1c9acb23538ff36) (gupdate1c9acb23538ff36) – Google Inc. – C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 – Service: Google Software Updater (gusvc) – Google – C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 – Service: iPod Service – Apple Inc. – C:\Program Files\iPod\bin\iPodService.exe
    O23 – Service: Java Quick Starter (JavaQuickStarterService) – Sun Microsystems, Inc. – C:\Program Files\Java\jre6\bin\jqs.exe
    O23 – Service: LiveUpdate – Symantec Corporation – C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 – Service: lxcr_device – – C:\WINDOWS\system32\lxcrcoms.exe
    O23 – Service: Symantec Management Client (SmcService) – Symantec Corporation – C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    O23 – Service: Symantec Endpoint Protection (Symantec AntiVirus) – Symantec Corporation – C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    O23 – Service: Dell Wireless WLAN Tray Service (wltrysvc) – Unknown owner – C:\WINDOWS\System32\wltrysvc.exe
    O23 – Service: Yahoo! Updater (YahooAUService) – Yahoo! Inc. – C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    O24 – Desktop Component 0: (no name) – (no file)


    End of file – 15146 bytes

  3. admin Says:

    Fix the following entries:
    O4 – HKLM\..\Run: [Udazewidumuh] rundll32.exe “C:\WINDOWS\esiwijehulal.dll”,Startup
    O4 – HKCU\..\Run: [btysaybn] C:\DOCUME~1\bmudge\LOCALS~1\Temp\kbgdydgcb\bgxteausjmo.exe
    O4 – HKCU\..\Run: [Xmawurixuq] rundll32.exe “C:\WINDOWS\kbmpcure.dll”,Startup
    O4 – HKCU\..\Run: [QbyEjDmJqwk.exe] C:\Documents and Settings\All Users\Application Data\QbyEjDmJqwk.exe
    O4 – HKCU\..\Run: [10BDSyJoqj2F] C:\Documents and Settings\All Users\Application Data\10BDSyJoqj2F.exe
