PCBugSquad

Trace Sweeper is a rogue privacy software that when run on your computer displays fake an exaggerated results that cannot be removed unless you first purchase the software. The program is also set to run automatically when your computer starts, which will cause your computer to operate slower and create pop-ups about how you should register the software.

Trace Sweeper screen shot

Automatic Removal Method

If you are infected with this malware, then we suggest you use Symantec Antivirus to remove this infection. The current definitions for Symantec Antivirus contains methods of removing this virus.

Download Symantec Antivirus to scan your computer for free

Manual Removal Instructions for

End these processes:

Learn how to end processes

tracesweeper.exe

Delete these files:
Lean how to remove files

c:\Program Files\Trace Sweeper
c:\Program Files\Trace Sweeper\tracesweeper.exe
c:\Program Files\Trace Sweeper\tracesweeper.url
c:\Program Files\Trace Sweeper\unins000.dat
c:\Program Files\Trace Sweeper\unins000.exe
c:\Documents and Settings\All Users\Start Menu\Programs\Trace Sweeper
c:\Documents and Settings\All Users\Start Menu\Programs\Trace Sweeper\Trace Sweeper on the Web.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Trace Sweeper\Trace Sweeper.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Trace Sweeper\Uninstall Trace Sweeper.lnk

Remove these Registry keys:

Learn how to remove Windows Registry entries

Warning: Editing the Windows Registry incorrectly can cause problems with your computer that may cause it not to operate correctly. Please edit the Registry only if you know what you are doing. Otherwise, please use the automated removal method above.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\”tracesweeper”
=”C:\Program Files\Trace Sweeper\tracesweeper.exe”

Secure Expert Cleaner is a program that states it can make your computer secure by cleaning it of security risks.  Unfortunately, this program does not live up to its name.  Secure Expert Cleaner will scan your computer and list legitimate programs as risks and state that they are dangerous.  Then, in order to remove them, you need to first purchase the software.

This software is a scam and should be avoided as you will only be wasting your money and not actually cleaning your computer.

Secure Expert Cleaner

Automatic Removal Method

We recommend that you install Spyware Doctor from PCTools in order to remove Secure Expert Cleaner from your computer. Spyware Doctor has an incredible track record for removing and detecting the latest malware.

Download Spyware Doctor to scan your computer for free

Manual Removal Instructions

End these processes:

Learn how to end processes

SEC.exe

Delete these files:
Lean how to remove files

c:\Documents and Settings\All Users\Application Data\SEC
c:\Documents and Settings\All Users\Start Menu\Programs\SecureExpertCleaner
<userprofile>\Local Settings\Temp\is-ROV72.tmp
c:\Program Files\SecureExpertCleaner
c:\Program Files\SecureExpertCleaner\Microsoft.VC80.CRT
c:\Documents and Settings\All Users\Desktop\Launch SecureExpertCleaner.lnk
c:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db
c:\Documents and Settings\All Users\Start Menu\Programs\SecureExpertCleaner\Launch SecureExpertCleaner.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\SecureExpertCleaner\Uninstall SecureExpertCleaner.lnk
<userprofile>\Application Data\Microsoft\Internet Explorer\Quick Launch\SecureExpertCleaner.lnk
c:\Program Files\SecureExpertCleaner\mfc80.dll
c:\Program Files\SecureExpertCleaner\Microsoft.VC80.MFC.manifest
c:\Program Files\SecureExpertCleaner\Reminder.exe
c:\Program Files\SecureExpertCleaner\SEC.exe
c:\Program Files\SecureExpertCleaner\SEC.ico
c:\Program Files\SecureExpertCleaner\SEC.xml
c:\Program Files\SecureExpertCleaner\unins.ico
c:\Program Files\SecureExpertCleaner\unins000.dat
c:\Program Files\SecureExpertCleaner\unins000.exe
c:\Program Files\SecureExpertCleaner\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
c:\Program Files\SecureExpertCleaner\Microsoft.VC80.CRT\msvcp80.dll
c:\Program Files\SecureExpertCleaner\Microsoft.VC80.CRT\msvcr80.dll

Remove these Registry keys:

Learn how to remove Windows Registry entries

Warning: Editing the Windows Registry incorrectly can cause problems with your computer that may cause it not to operate correctly.  Please edit the Registry only if you know what you are doing.  Otherwise, please use the automated removal method above.

HKEY_CURRENT_USER\Software\SEC
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\3P_USEC_is1
HKEY_LOCAL_MACHINE\SOFTWARE\SEC

XLGuarder, or XLG Security Center, is a rogue anti-spyware program that displays deliberate false information about infections found on your computer.  This malware is typical for its type:

• Shows false results
• Won’t let you remove any supposed infections unless you first purchase the software.
• Hijacks the Internet Explorer Start page.
• Makes your computer slower.
• Provides no way of contacting the developers of the software.

Overall, this software is a scam and should be avoided at all cost.  Please use the automated or manual removal instructions below to remove this infection.

XLGuarder or XLG Security Center image

Automatic Removal Method

If you are infected with this malware, then we suggest you use Symantec Antivirus to remove this infection. It is know to be able to remove this malware and XLG Security Center is included in its current virus definitions.  A big thumbs up for Symantec adding this to removal definitions so quickly!

Download Symantec Antivirus to scan your computer for free

Manual Removal Instructions for

End these processes:

Learn how to end processes

sysutil.exe

Delete these files:
Lean how to remove files

<userprofile>Start MenuProgramsProtection
c:windowssysutils
c:windowssysutilswarning
c:windowssysutilssounds
c:windowssysutilssettings.ini
c:windowssysutilssysutil.exe
c:windowssysutilssysutil_s.exe
c:windowssysutilsuninstall.exe
c:windowssysutilswinsystip.exe
c:windowssysutilssounds�1.wav
c:windowssysutilssounds�2.wav
c:windowssysutilssounds�3.wav
c:windowssysutilswarningalertpage.jpg
c:windowssysutilswarningspacer.gif
c:windowssysutilswarningwarningpage.html
<userprofile>Start MenuProgramsProtectionUninstall XLG.lnk
c:windowsiebho.dll

Remove these Registry keys:

Learn how to remove Windows Registry entries

Warning: Editing the Windows Registry incorrectly can cause problems with your computer that may cause it not to operate correctly.  Please edit the Registry only if you know what you are doing.  Otherwise, please use the automated removal method above.

HKEY_CLASSES_ROOTCLSID{D032570A-5F63-4812-A094-87D007C23012}
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{D032570A-5F63-4812-A094-87D007C23012}
HKEY_CURRENT_USERSoftwaresysutils
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstallsysutils

THe USS.exe Trojan is an executable that gets installed on your computer along with other malware.  This infection will also install a service called wasfsd that uses the filename C:\Windows\System32\drivers\System32. When running, this Trojan will display fake alerts that state your computer is being attacked or is infected with particular infections.  It will then ask if you would like to block or fix these infections, and if you specify yes, will open up an Internet Explorer window where it prompts you to buy Trusted Antivirus.

Fake alerts from USS.exe

Automatic Removal Method

We recommend that you install Spyware Doctor from PCTools in order to remove USS.exe Trojan from your computer. Spyware Doctor has an incredible track record for removing and detecting the latest malware.

Download Spyware Doctor to scan your computer for free

Manual Removal Instructions for

End these processes:

Learn how to end processes

USS.exe

Delete these files:
Lean how to remove files

c:\END
c:\Program Files\USS
c:\Program Files\USS\unins000.dat
c:\Program Files\USS\unins000.exe
c:\Program Files\USS\USS.exe
c:\Program Files\USS\#agents
c:\Program Files\USS\#agents\53
c:\Program Files\USS\#agents\53\#startup
c:\Program Files\USS\#monitors
c:\Program Files\USS\#monitors\DirMonitor
c:\Program Files\USS\#monitors\FileMonitor
c:\Program Files\USS\#monitors\RegMonitor
c:\Program Files\USS\{826F15BF-1A4C-4290-BFD1-794AF7A2CB8F}
c:\Program Files\USS\{826F15BF-1A4C-4290-BFD1-794AF7A2CB8F}\GESPlugin.dll
c:\Program Files\USS\{826F15BF-1A4C-4290-BFD1-794AF7A2CB8F}\GESPlugin.xml
c:\Program Files\USS\{826F15BF-1A4C-4290-BFD1-794AF7A2CB8F}\kernel.dll
c:\Program Files\USS\{826F15BF-1A4C-4290-BFD1-794AF7A2CB8F}\unins000.dat
c:\Program Files\USS\{826F15BF-1A4C-4290-BFD1-794AF7A2CB8F}\unins000.exe
c:\Program Files\USS\{D1957FF4-EA22-4b4a-81A1-C62068479DED}
c:\Program Files\USS\{D1957FF4-EA22-4b4a-81A1-C62068479DED}\AMPlugin.dll
c:\Program Files\USS\{D1957FF4-EA22-4b4a-81A1-C62068479DED}\AMPlugin.xml
c:\Program Files\USS\{D1957FF4-EA22-4b4a-81A1-C62068479DED}\AsAgents.dll
c:\Program Files\USS\{D1957FF4-EA22-4b4a-81A1-C62068479DED}\AsAgents.xml
c:\Program Files\USS\{D1957FF4-EA22-4b4a-81A1-C62068479DED}\msvcp71.dll
c:\Program Files\USS\{D1957FF4-EA22-4b4a-81A1-C62068479DED}\msvcr71.dll
c:\Program Files\USS\{D1957FF4-EA22-4b4a-81A1-C62068479DED}\unins000.dat
c:\Program Files\USS\{D1957FF4-EA22-4b4a-81A1-C62068479DED}\unins000.exe
c:\Program Files\USS\{D1957FF4-EA22-4b4a-81A1-C62068479DED}\wasffNT.exe
c:\Program Files\USS\{EC572088-91C7-4293-93F9-93D40B0E0B36}
c:\Program Files\USS\{EC572088-91C7-4293-93F9-93D40B0E0B36}\GSCRPlugin.dll
c:\Program Files\USS\{EC572088-91C7-4293-93F9-93D40B0E0B36}\unins000.dat
c:\Program Files\USS\{EC572088-91C7-4293-93F9-93D40B0E0B36}\unins000.exe
c:\WINDOWS\system32\drivers\wasfsd.sys

Remove these Registry keys:

Learn how to remove Windows Registry entries

Warning: Editing the Windows Registry incorrectly can cause problems with your computer that may cause it not to operate correctly.  Please edit the Registry only if you know what you are doing.  Otherwise, please use the automated removal method above.

HKEY_CURRENT_USER\Software\USLst
HKEY_CURRENT_USER\Software\USS
HKEY_CLASSES_ROOT\CLSID\{ABCD4567-76B5-4bc7-AAC5-396D70925B22}
HKEY_CLASSES_ROOT\Interface\{ABCD4567-4D73-43E9-85E5-53A2DBD95422}
HKEY_CLASSES_ROOT\Interface\{ABCD4567-D8E8-4DF1-A3EA-D0AA72F42622}
HKEY_CLASSES_ROOT\TypeLib\{ABCD4567-7437-43EF-AB74-4AB1D3A37422}
HKEY_CLASSES_ROOT\wasfsd.CreationNotifier
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\USS_{826F15BF-1A4C-4290-BFD1-794AF7A2CB8F}_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\USS_{D1957FF4-EA22-4b4a-81A1-C62068479DED}_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\USS_{EC572088-91C7-4293-93F9-93D40B0E0B36}_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\USS_is1
HKEY_LOCAL_MACHINE\SOFTWARE\USS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wasfsd
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wasfsd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run => USS

InternetSecurityDeluxe is a very deceptive and misleading anti-spyware program. It proclaims that is a top pick of some made-up magazines and had high reviews on sites that don’t have any listing of this.  Then when you run the software, it states you have infections but will not tell you what they are.  To remove these infections, you would then have to purchase the software.

From initial tests and research on the Internet, this rogue does not appear to have any malware bundled with it.  It does though occasionally popup messages through its popuper.exe application.

When you uninstall the application it will also leave behind most of the files associated with this application as well as a program that will continue to start.  This program is popuper.exe.  Due to this, it is advised that you use Spyware Doctor to scan your computer for this infection so that your computer is not only clean of infection, but running better.

InternetSecurityDeluxe

Vague Results

Automatic Removal Method

We recommend that you install Spyware Doctor from PCTools in order to remove InternetSecurityDeluxe from your computer. Spyware Doctor has an incredible track record for removing and detecting the latest malware.

Download Spyware Doctor to scan your computer for free

Manual Removal Instructions for

End these processes:

Learn how to end processes

popuper.exe
SystemService.exe
InternetSecurityDeluxe.exe
InternetSecurityDeluxeSetup[1].exe

Delete these files:
Lean how to remove files

<userprofile>\Local Settings\Temp\{463F3580-9041-400d-BAA6-1118D3570D41}
<userprofile>\Local Settings\Temp\{629CB163-22C0-41F7-BD7E-997B4F3B2C95}
c:\Program Files\InternetSecurityDeluxe
c:\Documents and Settings\All Users\Start Menu\Programs\InternetSecurityDeluxe.lnk
c:\Program Files\InternetSecurityDeluxe\Controls.dll
c:\Program Files\InternetSecurityDeluxe\InternetSecurityDeluxe.application
c:\Program Files\InternetSecurityDeluxe\InternetSecurityDeluxe.exe
c:\Program Files\InternetSecurityDeluxe\InternetSecurityDeluxe.exe.manifest
c:\Program Files\InternetSecurityDeluxe\ScanEngine.dll
c:\Program Files\InternetSecurityDeluxe\ServiceInterface.dll
c:\WINDOWS\Installer\27a127.msi
c:\WINDOWS\system32\Controls.dll
c:\WINDOWS\system32\InstallUtil.InstallLog
c:\WINDOWS\system32\Popuper.exe
c:\WINDOWS\system32\ScanEngine.dll
c:\WINDOWS\system32\ServiceInterface.dll
c:\WINDOWS\system32\ServiceObject.dll
c:\WINDOWS\system32\SystemService.application
c:\WINDOWS\system32\SystemService.exe
c:\WINDOWS\system32\SystemService.exe.manifest
c:\WINDOWS\system32\SystemService.InstallLog
c:\WINDOWS\system32\SystemService.InstallState

Remove these Registry keys:

Learn how to remove Windows Registry entries

Warning: Editing the Windows Registry incorrectly can cause problems with your computer that may cause it not to operate correctly.  Please edit the Registry only if you know what you are doing.  Otherwise, please use the automated removal method above.

HKEY_CLASSES_ROOT\Installer\Assemblies\C:|Program Files|InternetSecurityDeluxe|Controls.dll
HKEY_CLASSES_ROOT\Installer\Assemblies\C:|Program Files|InternetSecurityDeluxe|InternetSecurityDeluxe.exe
HKEY_CLASSES_ROOT\Installer\Assemblies\C:|Program Files|InternetSecurityDeluxe|ScanEngine.dll
HKEY_CLASSES_ROOT\Installer\Assemblies\C:|Program Files|InternetSecurityDeluxe|ServiceInterface.dll
HKEY_CLASSES_ROOT\Installer\Features\0BEB3C9987A437848BFC0744983750CD
HKEY_CLASSES_ROOT\Installer\Products\0BEB3C9987A437848BFC0744983750CD
HKEY_CLASSES_ROOT\Installer\Products\0BEB3C9987A437848BFC0744983750CD\SourceList
HKEY_CLASSES_ROOT\Installer\Products\0BEB3C9987A437848BFC0744983750CD\SourceList\Media
HKEY_CLASSES_ROOT\Installer\Products\0BEB3C9987A437848BFC0744983750CD\SourceList\Net
HKEY_CLASSES_ROOT\Installer\UpgradeCodes\D2FB1F8FCC9FA1543AF0066D3BBB86BB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\D2FB1F8FCC9FA1543AF0066D3BBB86BB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C3BEB0-4A78-4873-B8CF-7044897305DC}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SYSTEMSERVICE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\SystemService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SystemService
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SYSTEMSERVICE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\SystemService
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SystemService
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run => InternetSecurityDeluxe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run => Notifications

AntiSpyCheck is a rogue anti-spyware program installed through the Zlob Trojan.  The Zlob Trojan is an infection which pretends to be a program required to watch a video online.  When you install it, though, it instead installs AntiSpyCheck on to your computer.

AntiSpyCheck works just like all of the rest.  It scans your computer, displays fake findings, and then asks you to purchase it before you can remove anything.  To make matters worse, it’s constant registration requests can bring your computer to a crawl.

It is advised that you use Spyware Doctor to scan your computer for this infection so that your computer is not only clean of infection, but running better.

Automatic Removal Method

We recommend that you install Spyware Doctor from PCTools in order to remove AntiSpyCheck from your computer. Spyware Doctor has an incredible track record for removing and detecting the latest malware.

Download Spyware Doctor to scan your computer for free

Manual Removal Instructions

End these processes:

Learn how to end processes

AntiSpyCheck.exe

Delete these files:
Lean how to remove files

<userprofile>\Start Menu\Programs\AntiSpyCheck 2.1.0
c:\Program Files\AntiSpyCheck
<userprofile>\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiSpyCheck 2.1.0.lnk
<userprofile>\Desktop\AntiSpyCheck 2.1.0.lnk
<userprofile>\Local Settings\Temp\~DF6B1B.tmp
<userprofile>\Start Menu\AntiSpyCheck 2.1.0.lnk
<userprofile>\Start Menu\Programs\AntiSpyCheck 2.1.0\AntiSpyCheck 2.1.0.lnk
c:\Program Files\AntiSpyCheck\AntiSpyCheck.exe
c:\Program Files\AntiSpyCheck\IEWarning.dll
c:\Program Files\AntiSpyCheck\uninst.exe

Remove these Registry keys:

Learn how to remove Windows Registry entries

Warning: Editing the Windows Registry incorrectly can cause problems with your computer that may cause it not to operate correctly.  Please edit the Registry only if you know what you are doing.  Otherwise, please use the automated removal method above.

HKEY_CURRENT_USER\Software\AntiSpyCheck
HKEY_CURRENT_USER\Software\AntiSpyCheck\Update
HKEY_CLASSES_ROOT\CLSID\{56FA7933-DC3E-403b-8D47-BB5E3F345A21}
HKEY_CLASSES_ROOT\CLSID\{D2608046-DD09-A225-01BF-70C1EDD8B2E8}
HKEY_CLASSES_ROOT\IEWarning.WarningBHO
HKEY_CLASSES_ROOT\IEWarning.WarningBHO.1
HKEY_CLASSES_ROOT\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}
HKEY_CLASSES_ROOT\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}
HKEY_CLASSES_ROOT\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AntiSpyCheck.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56FA7933-DC3E-403b-8D47-BB5E3F345A21}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiSpyCheck
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run => AntiSpyCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run => AntiSpyCheck 2.1.0

AntiSpyware 2008 is a fake anti-spyware program that tries to scam you into purchasing the software by showing misleading results.  When the program runs, it will scan your computer and AntiSpyware 2008 will state that you have infections on your computer.  These infections, though, do not exist at all anywhere on your computer.

While running on your computer in the background, it will also slow down your computer and popup fake alerts stating that something is attacking you. It also changes your Internet Explorer homepage to a page where you can buy AntiSpyware 2008 as well as a random warning when you go to a new site that states your computer is infected.

All in all, this program is a scam and nothing it say should be believed.  We advise you to download and install Spyware Doctor to scan your computer for free.

Automatic Removal Method

We recommend that you install Spyware Doctor from PCTools in order to scan your computer for AntiSpyware 2008 from your computer. Spyware Doctor has an incredible track record for removing and detecting the latest malware.

Download Spyware Doctor to scan your computer for free

Manual Removal Instructions

End these processes:

Learn how to end processes

Antispyware-2008.exe

Delete these files:

Lean how to remove files

<userprofile>\Start Menu\Programs\Antispyware 2008
c:\Program Files\Antispyware 2008
c:\Program Files\Antispyware 2008\Infected
c:\Program Files\Antispyware 2008\Suspicious
<userprofile>\Application Data\Microsoft\Internet Explorer\Quick Launch\Antispyware-2008.lnk
<userprofile>\Desktop\Antispyware-2008.lnk
<userprofile>\Local Settings\Temp\a.exe
<userprofile>\Local Settings\Temporary Internet Files\Content.IE5\0L6FS9QR\Antispyware2008[1].exe
<userprofile>\Start Menu\Programs\Antispyware 2008\Antispyware-2008.lnk
c:\Program Files\Antispyware 2008\Antispyware-2008.exe
c:\Program Files\Antispyware 2008\vscan.tsi
c:\Program Files\Antispyware 2008\zlib.dll
c:\WINDOWS\system32\ntdll64.dll ->  Please note that deleting this file incorrectly could cause loss of connectivity on your computer.

Remove these Registry keys:

Learn how to remove Windows Registry entries

Warning: Editing the Windows Registry incorrectly can cause problems with your computer that may cause it not to operate correctly.  Please edit the Registry only if you know what you are doing.  Otherwise, please use the automated removal method above.

HKEY_CURRENT_USER\Software\Antispyware 2008
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run => Antispyware-2008.exe

Antivirus Master is a new rogue anti-spyware program that is a master of nothing.  This program proclaims itself as a master of removing malware from your computer.  In reality, though, this program is the actual infection.  When Antivirus Master scans your computer it will list infections that do not exist.  Then, in order to remove these infections, you must first purchase the software in order to do so.  As we did not purchase it, I am sure once it was purchased those threats would immediately be gone.

It is advised that you use Spyware Doctor to scan your computer for this infection.  If left on your computer, this infection will slow it down and make it harder to use.

Automatic Removal Method

We recommend that you install Spyware Doctor from PCTools in order to remove Antivirus Master from your computer. Spyware Doctor has an incredible track record for removing and detecting the latest malware and is known to remove Antivirus Master as shown by the screen shot below.

Download Spyware Doctor to scan your computer for free

Click to see a screen shot of Spyware Doctor Detecting
Antivirus Master

Manual Removal Instructions

End these processes:

Learn how to end processes

avm.exe

Delete these files:
Lean how to remove files

c:\Program Files\AVM
<userprofile>\Desktop\Antivirus Master.lnk
<userprofile>\Recent\antivirus-master.lnk
c:\Program Files\AVM\avm.cpl
c:\Program Files\AVM\avm.exe
c:\Program Files\AVM\avm0.dat
c:\Program Files\AVM\avm1.dat
c:\WINDOWS\system32\avm.cpl

Remove these Registry keys:

Learn how to remove Windows Registry entries

Warning: Editing the Windows Registry incorrectly can cause problems with your computer that may cause it not to operate correctly.  Please edit the Registry only if you know what you are doing.  Otherwise, please use the automated removal method above.

HKEY_CURRENT_USER\Software\AntiVirus
HKEY_CURRENT_USER\Software\AVM
HKEY_CLASSES_ROOT\.keyHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Antivirus”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Antivirus”

PCTotalDefender is a new rogue anti-spyware program that displays fake information in order to scare you into purchasing the program.  This program is typically advertised through sites that pretend to be scanning your computer. In reality they are just advertisements trying to trick you into purchasing the program. It is suggested that you remove this infection as it is known to slow down your computer and display popups for other rogue anti-spyware programs.

Automatic Removal Method

We recommend that you install Spyware Doctor from PCTools in order to remove PCTotalDefender from your computer. Spyware Doctor has an incredible track record for removing and detecting the latest malware.

Download Spyware Doctor to scan your computer for free

Manual Removal Instructions

End these processes:

Learn how to end processes

pgs.exe
ptask.exe
bm.exe
ugac.exe

Delete these files:
Lean how to remove files

c:\Documents and Settings\All Users\Application Data\SalesMon
c:\Documents and Settings\All Users\Application Data\SalesMon\Data
c:\Documents and Settings\All Users\Desktop\PCTotalDefender.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\PCTotalDefender
c:\Documents and Settings\All Users\Start Menu\Programs\PCTotalDefender\Contact Customer Support.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\PCTotalDefender\PCTotalDefender.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\PCTotalDefender\Uninstall PCTotalDefender.lnk
<User’s Profile>\Application Data\PCTotalDefender
<User’s Profile>\Application Data\PCTotalDefender\Logs
<User’s Profile>\Application Data\PCTotalDefender\Logs\threats.log
<User’s Profile>\Application Data\PCTotalDefender\Logs\update.log
c:\Program Files\Common Files\PCTotalDefender
c:\Program Files\Common Files\PCTotalDefender\bm.exe
c:\Program Files\Common Files\PCTotalDefender\ugac.exe
c:\PCTotalDefender
c:\PCTotalDefender\AVQuar
c:\Program Files\PCTotalDefender
c:\Program Files\PCTotalDefender\Activate.exe
c:\Program Files\PCTotalDefender\al.dat
c:\Program Files\PCTotalDefender\dhlp.dll
c:\Program Files\PCTotalDefender\FWSettings.bin
c:\Program Files\PCTotalDefender\history.db
c:\Program Files\PCTotalDefender\main.log
c:\Program Files\PCTotalDefender\pgs.exe
c:\Program Files\PCTotalDefender\ptask.exe
c:\Program Files\PCTotalDefender\reload.exe
c:\Program Files\PCTotalDefender\ResErrors.log
c:\Program Files\PCTotalDefender\scnkrnl.dll
c:\Program Files\PCTotalDefender\settings.ini
c:\Program Files\PCTotalDefender\sqlite3.dll
c:\Program Files\PCTotalDefender\sr.log
c:\Program Files\PCTotalDefender\unins000.dat
c:\Program Files\PCTotalDefender\unins000.exe
c:\Program Files\PCTotalDefender\Config
c:\Program Files\PCTotalDefender\Config\pgs.xml
c:\Program Files\PCTotalDefender\Dat
c:\Program Files\PCTotalDefender\Dat\Activate.dat
c:\Program Files\PCTotalDefender\Dat\BkSites.dat
c:\Program Files\PCTotalDefender\Dat\bnlink.dat
c:\Program Files\PCTotalDefender\Dat\cd.dat
c:\Program Files\PCTotalDefender\Dat\incmp.dat
c:\Program Files\PCTotalDefender\Dat\index.dat
c:\Program Files\PCTotalDefender\Dat\pv.dat
c:\Program Files\PCTotalDefender\Engines
c:\Program Files\PCTotalDefender\Engines\AWBase
c:\Program Files\PCTotalDefender\Engines\AWBase\vbpv.dat
c:\Program Files\PCTotalDefender\Engines\AWBase\database
c:\Program Files\PCTotalDefender\Engines\AWBase\database\enemies.dat
c:\Program Files\PCTotalDefender\Engines\PGBase
c:\Program Files\PCTotalDefender\Engines\PGBase\vbpv.dat
c:\Program Files\PCTotalDefender\Engines\plugins\BORLNDMM.DLL
c:\Program Files\PCTotalDefender\Engines\plugins
c:\Program Files\PCTotalDefender\Engines\plugins\SCANADWR.DLL
c:\Program Files\PCTotalDefender\Engines\plugins\SCANBCDR.DLL
c:\Program Files\PCTotalDefender\Engines\plugins\SCANDLDR.DLL
c:\Program Files\PCTotalDefender\Engines\plugins\SCANDOS1.DLL
c:\Program Files\PCTotalDefender\Engines\plugins\SCANEMUL.DLL
c:\Program Files\PCTotalDefender\Engines\plugins\SCANFUNC.DLL
c:\Program Files\PCTotalDefender\Engines\plugins\SCANKRNL.DLL
c:\Program Files\PCTotalDefender\Engines\plugins\SCANMCR1.DLL
c:\Program Files\PCTotalDefender\Engines\plugins\SCANOTHR.DLL
c:\Program Files\PCTotalDefender\Engines\plugins\SCANSCR.DLL
c:\Program Files\PCTotalDefender\Engines\plugins\SCANTOOL.DLL
c:\Program Files\PCTotalDefender\Engines\plugins\SCANTROJ.DLL
c:\Program Files\PCTotalDefender\Engines\plugins\SCANWIN1.DLL
c:\Program Files\PCTotalDefender\Engines\plugins\UNACPU.DLL
c:\Program Files\PCTotalDefender\Engines\plugins\UNADBX.DLL
c:\Program Files\PCTotalDefender\Engines\plugins\unamscan.dll
c:\Program Files\PCTotalDefender\Engines\plugins\UNMIME.DLL
c:\Program Files\PCTotalDefender\Engines\plugins\UNPACK.DLL
c:\Program Files\PCTotalDefender\Engines\plugins\UNPACKS.DLL
c:\Program Files\PCTotalDefender\Engines\plugins\UNPACKS2.DLL
c:\Program Files\PCTotalDefender\Engines\plugins\UNPEPACK.DLL
c:\Program Files\PCTotalDefender\Engines\plugins\vbpv.dat
c:\Program Files\PCTotalDefender\Engines\plugins\UpDate
c:\Program Files\PCTotalDefender\Engines\plugins\UpDate\UA27601.DLL
c:\Program Files\PCTotalDefender\Engines\plugins\UpDate\UA27602.DLL
c:\Program Files\PCTotalDefender\Engines\plugins\UpDate\UA27603.DLL
c:\Program Files\PCTotalDefender\Engines\plugins\UpDate\UA27604.DLL
c:\Program Files\PCTotalDefender\Engines\plugins\UpDate\UADAILY.DLL
c:\Program Files\PCTotalDefender\Graphics
c:\Program Files\PCTotalDefender\Graphics\cross.gif
c:\Program Files\PCTotalDefender\Graphics\ga6p.gif
c:\Program Files\PCTotalDefender\Graphics\kb.url
c:\Program Files\PCTotalDefender\Graphics\main.ico
c:\Program Files\PCTotalDefender\Graphics\mini.ico
c:\Program Files\PCTotalDefender\Graphics\Online.url
c:\Program Files\PCTotalDefender\Graphics\rm.url
c:\Program Files\PCTotalDefender\Graphics\support.ico
c:\Program Files\PCTotalDefender\Graphics\Support.url
c:\Program Files\PCTotalDefender\Graphics\uninstall.ico
c:\Program Files\PCTotalDefender\LA
c:\Program Files\PCTotalDefender\LA\lapv.dat
c:\Program Files\PCTotalDefender\LA\License.rtf
c:\Program Files\PCTotalDefender\Tools
c:\Program Files\PCTotalDefender\Tools\pblock.dll
c:\Program Files\PCTotalDefender\Tools\sbiebho.dll
c:\Program Files\PCTotalDefender\Up
c:\Program Files\PCTotalDefender\Up\ASupdater.dat
c:\Program Files\PCTotalDefender\Up\gup.exe
c:\Program Files\PCTotalDefender\Up\PGupdater.dat
c:\Program Files\PCTotalDefender\Up\UBupdater.dat
c:\Program Files\PCTotalDefender\Up\up.dat
c:\Program Files\PCTotalDefender\Up\updater.dat
c:\Program Files\PCTotalDefender\Up\Download
c:\WINDOWS\system32\capicom.dll
c:\WINDOWS\system32\msxml3a.dll
c:\WINDOWS\system32\drivers\dhlp.sys

Remove these Registry keys:

Learn how to remove Windows Registry entries
Warning: Editing the Windows Registry incorrectly can cause problems with your computer that may cause it not to operate correctly.  Please edit the Registry only if you know what you are doing.  Otherwise, please use the automated removal method above.

HKEY_CURRENT_USER\Software\PCTotalDefender
HKEY_CURRENT_USER\Software\PCTotalDefender\Settings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5C3F6257-3E00-45C2-88D5-CB0F3A17BF0E}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6F87F145-DC2D-4766-AF03-3A3B96FFAD98}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CLASSES_ROOT\AppID\{EA7522F6-87CF-411e-8A55-19EE4344B676}
HKEY_CLASSES_ROOT\AppID\pblock.DLL
HKEY_CLASSES_ROOT\CLSID\{5C3F6257-3E00-45c2-88D5-CB0F3A17BF0E}
HKEY_CLASSES_ROOT\CLSID\{6F87F145-DC2D-4766-AF03-3A3B96FFAD98}
HKEY_CLASSES_ROOT\Interface\{2933BF96-7B36-11D2-B20E-00C04F983E60}
HKEY_CLASSES_ROOT\Interface\{2B8DE2FE-8D2D-11d1-B2FC-00C04FD915A9}
HKEY_CLASSES_ROOT\Interface\{3EFAA428-272F-11D2-836F-0000F87A7782}
HKEY_CLASSES_ROOT\Interface\{3EFAA429-272F-11D2-836F-0000F87A7782}
HKEY_CLASSES_ROOT\Interface\{C90352F7-643C-4FBC-BB23-E996EB2D51FD}
HKEY_CLASSES_ROOT\PopupBlocker.IEGPB
HKEY_CLASSES_ROOT\SBIEBHO.IEFW
HKEY_CLASSES_ROOT\SBIEBHO.IEFW.2
HKEY_CLASSES_ROOT\TypeLib\{D761645B-6B20-4698-AEE8-729981152A82}
HKEY_CLASSES_ROOT\TypeLib\{EA7522F6-87CF-411E-8A55-19EE4344B676}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C3F6257-3E00-45C2-88D5-CB0F3A17BF0E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F87F145-DC2D-4766-AF03-3A3B96FFAD98}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UAVUN_is1
HKEY_LOCAL_MACHINE\SOFTWARE\PCTotalDefender
HKEY_LOCAL_MACHINE\SOFTWARE\PCTotalDefender\Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Products
HKEY_LOCAL_MACHINE\SOFTWARE\ugac
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dhlp
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dhlp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform “U3P_PCTD 2.2.363.4″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run => “bm”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run => “PCTotalDefender”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run => “ugac”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce => “overinstall”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dhlp => “Start”