Wednesday, November 26, 2008

Hopee Trojan

Removing Hopee
Categories: Trojan,Downloader
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.

Hopee Also known as:

[Kaspersky]Trojan-Downloader.Win32.Agent.bnz;
[Other]Win32/Hopee,Win32/Hopee.A,Hacktool.Rootkit,TrojanDownloader:Win32/Agent,W32/Agent.BQGU

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\cssrss.exe
[%SYSTEM%]\nso12k.sys
[%SYSTEM%]\cssrss.exe
[%SYSTEM%]\nso12k.sys

How to detect Hopee:

Files:
[%SYSTEM%]\cssrss.exe
[%SYSTEM%]\nso12k.sys
[%SYSTEM%]\cssrss.exe
[%SYSTEM%]\nso12k.sys

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\driver

Removing Hopee:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Remove Delfile1.Cab Hostile Code
EZSearch.EZCybersearch.bar BHO Removal instruction

ICQ.PWS Trojan

Removing ICQ.PWS
Categories: Trojan,Hacker Tool
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
These utilities are designed to penetrate remote computers
in order to use them as zombies (by using backdoors) or to download other malicious programs to computer.

Exploits use vulnerabilities in operating systems and applications to achieve the same result.

ICQ.PWS Also known as:

[Kaspersky]Trojan.PSW.Coced.226,Trojan.PSW.Coced.227.a,Trojan-PSW.Win32.Coced.226,Trojan-PSW.Win32.Coced.227.a,Trojan.PSW.Coced.231,Trojan-PSW.Win32.Coced.231,Trojan.PSW.Coced.231.b,Trojan.PSW.Coced.233,Trojan.PSW.Coced.234,Trojan.PSW.Icup,Trojan.PSW.Coced.230,Trojan.PSW.Coced.229.b,Trojan.PSW.GOPtrojan.12;
[Eset]Naebi.2_26 trojan,Naebi.227.A trojan,Naebi.2_31.A trojan,Naebi.2_31.B trojan,Naebi.2_33 trojan,Naebi.2_34 trojan,Win32/PSW.Coced.234 trojan,Naebi.2_30 trojan,Naebi.2_29 trojan;
[McAfee]ICQ-PWS,PWS.gen,PWS-CP,PWS-CE;
[F-Prot]Trojan.Coced.227,W32/Trojan.Coced.226,Trojan.Coced.231,W32/Trojan.Coced.231,security risk or a "backdoor" program,destructive program;
[Panda]Trj/Coced.227,Trj/Coced.231,Trj/Coced.232,Trj/Coced.234,Trj/PSW.Coced.234,Trj/PSW.Coced233,Trj/PSW.Icup,Trj/Coced.230,Trj/PSW.Coced.229.b,Trj/PSW.Gop.12,Trojan Horse;
[Computer Associates]Win32.PSW.Coced.227,Win32/Coced.2.2.6!PWS!Trojan,Win32/Coced.227.ASPask!PWS!Troja,Win32.PSW.Coced.231,Win32/Coced.231!PWS!Trojan,Win32/Coced.231.ASPask!PWS!Troja,Win32.PSW.Coced.2321,Win32/Coced!PWS!Trojan,Win32.PSW.Coced.2342,Win32/Coced.233!PWS!Trojan,Win95/Coce2225!Dropper,Win32/Icup!PWS!Trojan,Win32.PSW.Coced.230,Win32/Coced.230!PWS!Trojan,Win32/Coced.230.ASPask!PWS!Troja,Win32/Coced.229.B!PWS!Trojan,Win32.PSW.OICQ2001,Win32/MultiDropper.AF-0!Dropper,Win32/OICQ2001!PWS!Trojan

How to detect ICQ.PWS:

Registry Values:
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\eventlog\application\easymail pop3 object
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\eventlog\application\easymail pop3 object

Removing ICQ.PWS:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
CWSMeup.E Trojan Removal
Agent.SBB Trojan Information
QaBar.Adult.Links.Toolband BHO Symptoms
Remove QZap128 Trojan

Hijack.Findthewebsiteyouneed Hijacker

Removing Hijack.Findthewebsiteyouneed
Categories: Hijacker
When the default home page is hijacked, the browser opens to the web page set by the hijacker
instead of the user's designated home page. In some cases, the hijacker may block users from
restoring their desired home page.

How to detect Hijack.Findthewebsiteyouneed:

Registry Values:
HKEY_CURRENT_USER\software\microsoft\internet explorer\search\searchassistant explorer\main
HKEY_CURRENT_USER\software\microsoft\internet explorer\search\searchassistant explorer\main

Removing Hijack.Findthewebsiteyouneed:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Ranger Trojan Information
Remove Vxidl.AWI Trojan

AdBlocker Adware

Removing AdBlocker
Categories: Adware
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits

How to detect AdBlocker:

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:\windows\downloaded program files\aphelper.dll
HKEY_CLASSES_ROOT\aphelper.apconfig
HKEY_CLASSES_ROOT\aphelper.apconfig.1
HKEY_CLASSES_ROOT\aphelper.apinstaller
HKEY_CLASSES_ROOT\aphelper.apinstaller.1
HKEY_CLASSES_ROOT\aphelper.aptoolbarhelper
HKEY_CLASSES_ROOT\aphelper.aptoolbarhelper.1
HKEY_CLASSES_ROOT\clsid\{54ec170f-6eb1-47c6-9c4d-eb0be20ce45e}
HKEY_CLASSES_ROOT\clsid\{93829908-07c2-44a2-95db-f78f201a9b48}
HKEY_CLASSES_ROOT\clsid\{ccf99cd5-1bcf-4db2-8197-e9864a99702b}
HKEY_CLASSES_ROOT\interface\{12debc84-b743-423a-825c-049ad85309dc}
HKEY_CLASSES_ROOT\interface\{9b33399e-89a6-4ea5-91a9-5dc72b7af60a}
HKEY_CLASSES_ROOT\interface\{ee1bc3c2-d245-4e64-a6b6-06425a3a5997}
HKEY_CLASSES_ROOT\typelib\{a37d57bd-5a27-4f8c-ab59-e0f6a7a0e95a}
HKEY_CURRENT_USER\software\linkz
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{93829908-07c2-44a2-95db-f78f201a9b48}
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{7e34ccac-2531-450e-8746-80da107adaf5}
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{d1e435db-ee0c-4a71-84a8-a270f03b3ee7}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{54ec170f-6eb1-47c6-9c4d-eb0be20ce45e}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]\downloaded program files\aphelper.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{93829908-07c2-44a2-95db-f78f201a9b48}

Registry Values:
HKEY_CURRENT_USER\software\microsoft\internet explorer\main\search bar
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\search
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls

Removing AdBlocker:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Removing Adware.RBlast Trojan

PrivacyProtector Ransomware

Removing PrivacyProtector
Categories: Ransomware
A cryptovirus, cryptotrojan or cryptoworm is a type of
malware that encrypts the data belonging to an individual on a computer,
demanding a ransom for its restoration.

The term ransomware is commonly used to describe such software,
although the field known as cryptovirology predates the term "ransomware".

This type of ransom attack can be accomplished by (for example) attaching
a specially crafted file/program to an e-mail message and sending this to the victim.

If the victim opens/executes the attachment, the program encrypts
a number of files on the victim's computer. A ransom note is then left behind for the victim.

The victim will be unable to open the encrypted files without the correct decryption key.
Once the ransom demanded in the ransom note is paid, the cracker may (or may not)
send the decryption key, enabling decryption of the "kidnapped" files.

Visible Symptoms:
Files in system folders:
[%DESKTOP%]\PrivacyProtector Free.lnk
[%DESKTOP%]\PrivacyProtector.lnk
[%PROGRAM_FILES%]\Advanced System Optimizer\privprot.exe
[%PROGRAM_FILES%]\PrivacyProtector Free\UPRP.exe
[%PROGRAM_FILES%]\PrivacyProtector Free\uprpcw.exe
[%DESKTOP%]\PrivacyProtector Free.lnk
[%DESKTOP%]\PrivacyProtector.lnk
[%PROGRAM_FILES%]\Advanced System Optimizer\privprot.exe
[%PROGRAM_FILES%]\PrivacyProtector Free\UPRP.exe
[%PROGRAM_FILES%]\PrivacyProtector Free\uprpcw.exe

How to detect PrivacyProtector:

Files:
[%DESKTOP%]\PrivacyProtector Free.lnk
[%DESKTOP%]\PrivacyProtector.lnk
[%PROGRAM_FILES%]\Advanced System Optimizer\privprot.exe
[%PROGRAM_FILES%]\PrivacyProtector Free\UPRP.exe
[%PROGRAM_FILES%]\PrivacyProtector Free\uprpcw.exe
[%DESKTOP%]\PrivacyProtector Free.lnk
[%DESKTOP%]\PrivacyProtector.lnk
[%PROGRAM_FILES%]\Advanced System Optimizer\privprot.exe
[%PROGRAM_FILES%]\PrivacyProtector Free\UPRP.exe
[%PROGRAM_FILES%]\PrivacyProtector Free\uprpcw.exe

Folders:
[%APPDATA%]\PrivacyProtector
[%APPDATA%]\PrivacyProtector Free
[%COMMON_PROGRAMS%]\PrivacyProtector
[%COMMON_PROGRAMS%]\PrivacyProtector Free
[%PROGRAM_FILES%]\PrivacyProtector
[%PROGRAM_FILES%]\PrivacyProtector Free
[%PROGRAM_FILES_COMMON%]\PrivacyProtector
[%PROGRAM_FILES_COMMON%]\PrivacyProtector Free

Registry Values:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Removing PrivacyProtector:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Remove XLink.Looker Trojan
Removing VBFlood Trojan
Removing Ransom Trojan

SilentCat Spyware

Removing SilentCat
Categories: Spyware
Spyware programs can collect various types of personal information,
such as Internet surfing habit, sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
accessing websites blindly that will cause more harmful viruses,
or diverting advertising revenue to a third party.

How to detect SilentCat:

Folders:
[%PROGRAM_FILES%]\SilentCat

Registry Keys:
HKEY_CURRENT_USER\software\vb and vba program settings\silentcat
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\silent cat screen server

Removing SilentCat:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
QinqDL Trojan Removal instruction
W95.Segax Trojan Symptoms
Remove Hi.Wire Adware

Zlob.mo Downloader

Removing Zlob.mo
Categories: Downloader
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\simpole.tlb
[%SYSTEM%]\hp7AFF.tmp
[%SYSTEM%]\simpole.tlb
[%SYSTEM%]\hp7AFF.tmp

How to detect Zlob.mo:

Files:
[%SYSTEM%]\simpole.tlb
[%SYSTEM%]\hp7AFF.tmp
[%SYSTEM%]\simpole.tlb
[%SYSTEM%]\hp7AFF.tmp

Registry Values:
HKEY_CLASSES_ROOT\clsid\{b0398eca-0bcd-4645-8261-5e9dc70248d0}\inprocserver32

Removing Zlob.mo:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Removing Pigeon.BBM Trojan

VirtSpell Backdoor

Removing VirtSpell
Categories: Backdoor
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the user of computer.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:


  • Launching/ deleting files

  • Sending/ receiving files

  • Deleting data

  • Displaying notification

  • Rebooting the machine

  • Executing files




Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

VirtSpell Also known as:

[Kaspersky]Backdoor.Win32.Agent.aon;
[McAfee]Generic BackDoor;
[Other]trojan-backdoor-virtualspell,Backdoor.Trojan,Win32.ExploreHijack

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\vspell.exe
[%SYSTEM%]\vspell.exe

How to detect VirtSpell:

Files:
[%SYSTEM%]\vspell.exe
[%SYSTEM%]\vspell.exe

Registry Keys:
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\virtspell

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing VirtSpell:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Removing Snort.Ids.Trinoo DoS
CHCB Backdoor Symptoms
Pigeon.AVKB Trojan Removal instruction
AppInit Malware Malware Cleaner

Lookup.Abeb BHO

Removing Lookup.Abeb
Categories: BHO,Hijacker
As this information is entered by the user, it is captured by the BHO (Browser Helper Object) and
sent back to the attacker.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.Hijackers are software programs that modify users' default browser home page,
search settings, error page settings, or desktop wallpaper without adequate notice, disclosure,
or user consent.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\abeb.dll
[%WINDOWS%]\system\abeb.dll
[%SYSTEM%]\abeb.dll
[%WINDOWS%]\system\abeb.dll

How to detect Lookup.Abeb:

Files:
[%SYSTEM%]\abeb.dll
[%WINDOWS%]\system\abeb.dll
[%SYSTEM%]\abeb.dll
[%WINDOWS%]\system\abeb.dll

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{0c9cbfe1-91cd-40c2-bb64-1ec84c4c46af}
HKEY_CLASSES_ROOT\clsid\{2038a287-4221-4f76-a7c0-addd77afabb3}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{2038a287-4221-4f76-a7c0-addd77afabb3}
HKEY_LOCAL_MACHINE\software\classes\clsid\{0c9cbfe1-91cd-40c2-bb64-1ec84c4c46af}
HKEY_LOCAL_MACHINE\software\classes\clsid\{2038a287-4221-4f76-a7c0-addd77afabb3}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{2038a287-4221-4f76-a7c0-addd77afabb3}

Removing Lookup.Abeb:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
IE Defender Ransomware Symptoms
Digital.Error DoS Removal
Remove Win32.Swizzor.fg Trojan
SillyDl.COQ Trojan Information

Win32.Sbot Trojan

Removing Win32.Sbot
Categories: Trojan,Worm,Backdoor
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Worms can be classified according to the propagation method they use,
i.e. how they deliver copies of themselves to new victim machines.
Worms can also be classified by installation method, launch method and finally according
to characteristics standard to all malware: polymorphism, stealth etc.

Many of the worms which managed to cause significant outbreaks use more then
one propagation method as well as more than one infection technique.
The methods are listed separately below.
Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.


Win32.Sbot Also known as:

[Kaspersky]Backdoor.IRCBot.gen,Backdoor.Sbot.12;
[Eset]IRC/SdBot.CIP trojan;
[Panda]Bck/Sbot.C;
[Computer Associates]Win32.Sbot.C,Backdoor/Sbot.12.A!Server

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\syscfg32.exe
[%SYSTEM%]\syscfg32.exe

How to detect Win32.Sbot:

Files:
[%SYSTEM%]\syscfg32.exe
[%SYSTEM%]\syscfg32.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing Win32.Sbot:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Bear.&.Tiger RAT Removal
Goesna Trojan Symptoms
Removing Adware.NDotNet Adware
Mystruc.defs Trojan Removal instruction
Removing Vxidl.AAS Trojan

WinZix Adware

Removing WinZix
Categories: Adware
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits

Visible Symptoms:
Files in system folders:
[%DESKTOP%]\winzix.lnk
[%DESKTOP%]\winzix.lnk

How to detect WinZix:

Files:
[%DESKTOP%]\winzix.lnk
[%DESKTOP%]\winzix.lnk

Folders:
[%COMMON_PROGRAMS%]\WinZix
[%PROGRAM_FILES%]\WinZix

Registry Keys:
HKEY_CLASSES_ROOT\*\shellex\contextmenuhandlers\winzixmanager
HKEY_CLASSES_ROOT\applications\winzix.exe
HKEY_CLASSES_ROOT\clsid\{ee91f4cc-6ba2-424c-a1fe-64910ccb6a42}
HKEY_CLASSES_ROOT\directory\shellex\contextmenuhandlers\winzixmanager
HKEY_CLASSES_ROOT\folder\shellex\contextmenuhandlers\winzixmanager
HKEY_CLASSES_ROOT\interface\{41ca7d4d-ae77-4b13-9459-e9ab7efecaad}
HKEY_CLASSES_ROOT\mime\database\content type\application\x-zix
HKEY_CLASSES_ROOT\typelib\{10954590-2b3a-41ec-97bb-c95a5e646da9}
HKEY_CLASSES_ROOT\winzix
HKEY_CURRENT_USER\software\wakenet

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\fileexts\.zix
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\fileexts\.zix\openwithlist
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\fileexts\.zix\openwithlist
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shell extensions\approved
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\winzix_is1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\winzix_is1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\winzix_is1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\winzix_is1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\winzix_is1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\winzix_is1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\winzix_is1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\winzix_is1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\winzix_is1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\winzix_is1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\winzix_is1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\winzix_is1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\winzix_is1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\winzix_is1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\winzix_is1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\winzix_is1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\winzix_is1

Removing WinZix:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Supreme.Desktop Adware Removal instruction

Bifrose Trojan

Removing Bifrose
Categories: Trojan,Backdoor
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Backdoors combine the functionality of most other types of in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.


Visible Symptoms:
Files in system folders:
[%SYSTEM%]\svhost.exe
[%SYSTEM%]\tskmng.exe
[%SYSTEM%]\svhost.exe
[%SYSTEM%]\tskmng.exe

How to detect Bifrose:

Files:
[%SYSTEM%]\svhost.exe
[%SYSTEM%]\tskmng.exe
[%SYSTEM%]\svhost.exe
[%SYSTEM%]\tskmng.exe

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing Bifrose:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Comclick.com Tracking Cookie Removal instruction

Spy4PC Spyware

Removing Spy4PC
Categories: Spyware
Spyware is computer software that is installed surreptitiously on a personal computer
to intercept or take partial control over the user's interaction
with the computer, without the user's informed consent.

While the term spyware suggests software that secretly monitors the user's behavior,
the functions of spyware extend well beyond simple monitoring.

Spyware programs can collect various types of personal information,
such as Internet surfing habit, sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
accessing websites blindly that will cause more harmful viruses,
or diverting advertising revenue to a third party.

Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.

Visible Symptoms:
Files in system folders:
[%APPDATA%]\sfpc.dat
[%DESKTOP%]\Spy4pc Info.lnk
[%SYSTEM%]\msipv6.dll
[%SYSTEM%]\msudp.dll
[%SYSTEM%]\pppoe32.dll
[%SYSTEM%]\sfpc.chm
[%SYSTEM%]\sfpc.dat
[%SYSTEM%]\sfpc.exe
[%SYSTEM%]\sfpcinfo.exe
[%SYSTEM%]\WinPcap_3_1_beta_3.exe
[%APPDATA%]\sfpc.dat
[%DESKTOP%]\Spy4pc Info.lnk
[%SYSTEM%]\msipv6.dll
[%SYSTEM%]\msudp.dll
[%SYSTEM%]\pppoe32.dll
[%SYSTEM%]\sfpc.chm
[%SYSTEM%]\sfpc.dat
[%SYSTEM%]\sfpc.exe
[%SYSTEM%]\sfpcinfo.exe
[%SYSTEM%]\WinPcap_3_1_beta_3.exe

How to detect Spy4PC:

Files:
[%APPDATA%]\sfpc.dat
[%DESKTOP%]\Spy4pc Info.lnk
[%SYSTEM%]\msipv6.dll
[%SYSTEM%]\msudp.dll
[%SYSTEM%]\pppoe32.dll
[%SYSTEM%]\sfpc.chm
[%SYSTEM%]\sfpc.dat
[%SYSTEM%]\sfpc.exe
[%SYSTEM%]\sfpcinfo.exe
[%SYSTEM%]\WinPcap_3_1_beta_3.exe
[%APPDATA%]\sfpc.dat
[%DESKTOP%]\Spy4pc Info.lnk
[%SYSTEM%]\msipv6.dll
[%SYSTEM%]\msudp.dll
[%SYSTEM%]\pppoe32.dll
[%SYSTEM%]\sfpc.chm
[%SYSTEM%]\sfpc.dat
[%SYSTEM%]\sfpc.exe
[%SYSTEM%]\sfpcinfo.exe
[%SYSTEM%]\WinPcap_3_1_beta_3.exe

Folders:
[%PROGRAMS%]\SPY4PC
[%PROGRAM_FILES%]\SpYOuTSiDe

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\currentchaos - sp0 -

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing Spy4PC:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Ziocom Adware Cleaner
TrojanDownloader.Win32.Small.hr Trojan Symptoms
Remove Generic.Delphi Trojan
Startpage Trojan Removal instruction
Lexbac Trojan Cleaner

AdPartner Adware

Removing AdPartner
Categories: Adware
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.


Visible Symptoms:
Files in system folders:
[%SYSTEM%]\aplsp.dll
[%WINDOWS%]\system\aplsp.dll
[%SYSTEM%]\aplsp.dll
[%WINDOWS%]\system\aplsp.dll

How to detect AdPartner:

Files:
[%SYSTEM%]\aplsp.dll
[%WINDOWS%]\system\aplsp.dll
[%SYSTEM%]\aplsp.dll
[%WINDOWS%]\system\aplsp.dll

Removing AdPartner:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Hi.Wire Adware Removal instruction
NucScan.Sabine Trojan Information
Removing WebD Trojan

Advanced.Remote.Info RAT

Removing Advanced.Remote.Info
Categories: RAT
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

How to detect Advanced.Remote.Info:

Folders:
[%PROGRAM_FILES%]\advancedremoteinfo

Removing Advanced.Remote.Info:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
ESyndicate Adware Removal instruction

SpywareKnight Trojan

Removing SpywareKnight
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Visible Symptoms:
Files in system folders:
[%COMMON_PROGRAMS%]\SpywareKnight\SpywareKnight on the Web.lnk
[%COMMON_PROGRAMS%]\SpywareKnight\SpywareKnight.lnk
[%COMMON_PROGRAMS%]\SpywareKnight\Uninstall SpywareKnight.lnk
[%DESKTOP%]\SpywareKnight.lnk
[%DESKTOP%]\spywareknight_setup.exe
[%LOCAL_APPDATA%]\SpywareKnight\adesktop_dg.list
[%LOCAL_APPDATA%]\SpywareKnight\explorer_dg.list
[%LOCAL_APPDATA%]\SpywareKnight\fg_files.list
[%LOCAL_APPDATA%]\SpywareKnight\fg_folders.list
[%LOCAL_APPDATA%]\SpywareKnight\hijack.patterns
[%LOCAL_APPDATA%]\SpywareKnight\hijack.places
[%LOCAL_APPDATA%]\SpywareKnight\ie_dg.list
[%LOCAL_APPDATA%]\SpywareKnight\ie_rg.list
[%LOCAL_APPDATA%]\SpywareKnight\kb.bin
[%LOCAL_APPDATA%]\SpywareKnight\kg.bin
[%LOCAL_APPDATA%]\SpywareKnight\kt.bin
[%LOCAL_APPDATA%]\SpywareKnight\rgexplorer_rg.list
[%LOCAL_APPDATA%]\SpywareKnight\rgmisc_rg.list
[%LOCAL_APPDATA%]\SpywareKnight\runcu_sg.list
[%LOCAL_APPDATA%]\SpywareKnight\runlm_sg.list
[%LOCAL_APPDATA%]\SpywareKnight\snapshots\09A180E4.filesnap
[%LOCAL_APPDATA%]\SpywareKnight\snapshots\458F325B.filesnap
[%LOCAL_APPDATA%]\SpywareKnight\snapshots\51B4EC5E.filesnap
[%LOCAL_APPDATA%]\SpywareKnight\snapshots\72478AC7.filesnap
[%LOCAL_APPDATA%]\SpywareKnight\snapshots\760B8003.filesnap
[%LOCAL_APPDATA%]\SpywareKnight\snapshots\8754D03D.filesnap
[%LOCAL_APPDATA%]\SpywareKnight\snapshots\8C759FFA.filesnap
[%LOCAL_APPDATA%]\SpywareKnight\snapshots\AB0EEEBA.filesnap
[%LOCAL_APPDATA%]\SpywareKnight\snapshots\C979E988.filesnap
[%LOCAL_APPDATA%]\SpywareKnight\snapshots\D7C8EB71.filesnap
[%LOCAL_APPDATA%]\SpywareKnight\snapshots\D9F9A77A.filesnap
[%LOCAL_APPDATA%]\SpywareKnight\snapshots\FDBC69A3.filesnap
[%LOCAL_APPDATA%]\SpywareKnight\system_dg.list
[%LOCAL_APPDATA%]\SpywareKnight\uistate.bin
[%COMMON_PROGRAMS%]\SpywareKnight\SpywareKnight on the Web.lnk
[%COMMON_PROGRAMS%]\SpywareKnight\SpywareKnight.lnk
[%COMMON_PROGRAMS%]\SpywareKnight\Uninstall SpywareKnight.lnk
[%DESKTOP%]\SpywareKnight.lnk
[%DESKTOP%]\spywareknight_setup.exe
[%LOCAL_APPDATA%]\SpywareKnight\adesktop_dg.list
[%LOCAL_APPDATA%]\SpywareKnight\explorer_dg.list
[%LOCAL_APPDATA%]\SpywareKnight\fg_files.list
[%LOCAL_APPDATA%]\SpywareKnight\fg_folders.list
[%LOCAL_APPDATA%]\SpywareKnight\hijack.patterns
[%LOCAL_APPDATA%]\SpywareKnight\hijack.places
[%LOCAL_APPDATA%]\SpywareKnight\ie_dg.list
[%LOCAL_APPDATA%]\SpywareKnight\ie_rg.list
[%LOCAL_APPDATA%]\SpywareKnight\kb.bin
[%LOCAL_APPDATA%]\SpywareKnight\kg.bin
[%LOCAL_APPDATA%]\SpywareKnight\kt.bin
[%LOCAL_APPDATA%]\SpywareKnight\rgexplorer_rg.list
[%LOCAL_APPDATA%]\SpywareKnight\rgmisc_rg.list
[%LOCAL_APPDATA%]\SpywareKnight\runcu_sg.list
[%LOCAL_APPDATA%]\SpywareKnight\runlm_sg.list
[%LOCAL_APPDATA%]\SpywareKnight\snapshots\09A180E4.filesnap
[%LOCAL_APPDATA%]\SpywareKnight\snapshots\458F325B.filesnap
[%LOCAL_APPDATA%]\SpywareKnight\snapshots\51B4EC5E.filesnap
[%LOCAL_APPDATA%]\SpywareKnight\snapshots\72478AC7.filesnap
[%LOCAL_APPDATA%]\SpywareKnight\snapshots\760B8003.filesnap
[%LOCAL_APPDATA%]\SpywareKnight\snapshots\8754D03D.filesnap
[%LOCAL_APPDATA%]\SpywareKnight\snapshots\8C759FFA.filesnap
[%LOCAL_APPDATA%]\SpywareKnight\snapshots\AB0EEEBA.filesnap
[%LOCAL_APPDATA%]\SpywareKnight\snapshots\C979E988.filesnap
[%LOCAL_APPDATA%]\SpywareKnight\snapshots\D7C8EB71.filesnap
[%LOCAL_APPDATA%]\SpywareKnight\snapshots\D9F9A77A.filesnap
[%LOCAL_APPDATA%]\SpywareKnight\snapshots\FDBC69A3.filesnap
[%LOCAL_APPDATA%]\SpywareKnight\system_dg.list
[%LOCAL_APPDATA%]\SpywareKnight\uistate.bin

How to detect SpywareKnight:

Files:
[%COMMON_PROGRAMS%]\SpywareKnight\SpywareKnight on the Web.lnk
[%COMMON_PROGRAMS%]\SpywareKnight\SpywareKnight.lnk
[%COMMON_PROGRAMS%]\SpywareKnight\Uninstall SpywareKnight.lnk
[%DESKTOP%]\SpywareKnight.lnk
[%DESKTOP%]\spywareknight_setup.exe
[%LOCAL_APPDATA%]\SpywareKnight\adesktop_dg.list
[%LOCAL_APPDATA%]\SpywareKnight\explorer_dg.list
[%LOCAL_APPDATA%]\SpywareKnight\fg_files.list
[%LOCAL_APPDATA%]\SpywareKnight\fg_folders.list
[%LOCAL_APPDATA%]\SpywareKnight\hijack.patterns
[%LOCAL_APPDATA%]\SpywareKnight\hijack.places
[%LOCAL_APPDATA%]\SpywareKnight\ie_dg.list
[%LOCAL_APPDATA%]\SpywareKnight\ie_rg.list
[%LOCAL_APPDATA%]\SpywareKnight\kb.bin
[%LOCAL_APPDATA%]\SpywareKnight\kg.bin
[%LOCAL_APPDATA%]\SpywareKnight\kt.bin
[%LOCAL_APPDATA%]\SpywareKnight\rgexplorer_rg.list
[%LOCAL_APPDATA%]\SpywareKnight\rgmisc_rg.list
[%LOCAL_APPDATA%]\SpywareKnight\runcu_sg.list
[%LOCAL_APPDATA%]\SpywareKnight\runlm_sg.list
[%LOCAL_APPDATA%]\SpywareKnight\snapshots\09A180E4.filesnap
[%LOCAL_APPDATA%]\SpywareKnight\snapshots\458F325B.filesnap
[%LOCAL_APPDATA%]\SpywareKnight\snapshots\51B4EC5E.filesnap
[%LOCAL_APPDATA%]\SpywareKnight\snapshots\72478AC7.filesnap
[%LOCAL_APPDATA%]\SpywareKnight\snapshots\760B8003.filesnap
[%LOCAL_APPDATA%]\SpywareKnight\snapshots\8754D03D.filesnap
[%LOCAL_APPDATA%]\SpywareKnight\snapshots\8C759FFA.filesnap
[%LOCAL_APPDATA%]\SpywareKnight\snapshots\AB0EEEBA.filesnap
[%LOCAL_APPDATA%]\SpywareKnight\snapshots\C979E988.filesnap
[%LOCAL_APPDATA%]\SpywareKnight\snapshots\D7C8EB71.filesnap
[%LOCAL_APPDATA%]\SpywareKnight\snapshots\D9F9A77A.filesnap
[%LOCAL_APPDATA%]\SpywareKnight\snapshots\FDBC69A3.filesnap
[%LOCAL_APPDATA%]\SpywareKnight\system_dg.list
[%LOCAL_APPDATA%]\SpywareKnight\uistate.bin
[%COMMON_PROGRAMS%]\SpywareKnight\SpywareKnight on the Web.lnk
[%COMMON_PROGRAMS%]\SpywareKnight\SpywareKnight.lnk
[%COMMON_PROGRAMS%]\SpywareKnight\Uninstall SpywareKnight.lnk
[%DESKTOP%]\SpywareKnight.lnk
[%DESKTOP%]\spywareknight_setup.exe
[%LOCAL_APPDATA%]\SpywareKnight\adesktop_dg.list
[%LOCAL_APPDATA%]\SpywareKnight\explorer_dg.list
[%LOCAL_APPDATA%]\SpywareKnight\fg_files.list
[%LOCAL_APPDATA%]\SpywareKnight\fg_folders.list
[%LOCAL_APPDATA%]\SpywareKnight\hijack.patterns
[%LOCAL_APPDATA%]\SpywareKnight\hijack.places
[%LOCAL_APPDATA%]\SpywareKnight\ie_dg.list
[%LOCAL_APPDATA%]\SpywareKnight\ie_rg.list
[%LOCAL_APPDATA%]\SpywareKnight\kb.bin
[%LOCAL_APPDATA%]\SpywareKnight\kg.bin
[%LOCAL_APPDATA%]\SpywareKnight\kt.bin
[%LOCAL_APPDATA%]\SpywareKnight\rgexplorer_rg.list
[%LOCAL_APPDATA%]\SpywareKnight\rgmisc_rg.list
[%LOCAL_APPDATA%]\SpywareKnight\runcu_sg.list
[%LOCAL_APPDATA%]\SpywareKnight\runlm_sg.list
[%LOCAL_APPDATA%]\SpywareKnight\snapshots\09A180E4.filesnap
[%LOCAL_APPDATA%]\SpywareKnight\snapshots\458F325B.filesnap
[%LOCAL_APPDATA%]\SpywareKnight\snapshots\51B4EC5E.filesnap
[%LOCAL_APPDATA%]\SpywareKnight\snapshots\72478AC7.filesnap
[%LOCAL_APPDATA%]\SpywareKnight\snapshots\760B8003.filesnap
[%LOCAL_APPDATA%]\SpywareKnight\snapshots\8754D03D.filesnap
[%LOCAL_APPDATA%]\SpywareKnight\snapshots\8C759FFA.filesnap
[%LOCAL_APPDATA%]\SpywareKnight\snapshots\AB0EEEBA.filesnap
[%LOCAL_APPDATA%]\SpywareKnight\snapshots\C979E988.filesnap
[%LOCAL_APPDATA%]\SpywareKnight\snapshots\D7C8EB71.filesnap
[%LOCAL_APPDATA%]\SpywareKnight\snapshots\D9F9A77A.filesnap
[%LOCAL_APPDATA%]\SpywareKnight\snapshots\FDBC69A3.filesnap
[%LOCAL_APPDATA%]\SpywareKnight\system_dg.list
[%LOCAL_APPDATA%]\SpywareKnight\uistate.bin

Folders:
[%PROGRAM_FILES%]\SpywareKnight

Registry Keys:
HKEY_CURRENT_USER\software\spywareknight
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\spywareknight_is1

Removing SpywareKnight:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
LiveProtection Ransomware Symptoms

BDDT Trojan

Removing BDDT
Categories: Trojan,Backdoor,RAT,DoS
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
Often the backdoor will not be visible in the log of active programs.
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack.
They usually do whimsical things like flip the screen upside-down, open the CD-ROM tray,
and swap mouse buttons. However, they can be quite hard to remove.
DoS trojans conduct attacks from a single computer with the consent of the user.

BDDT Also known as:

[Kaspersky]Backdoor.BDDT;
[Eset]Win32/BDDT.A trojan

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\system\jojo.exe
[%WINDOWS%]\system\msrun.exe
[%WINDOWS%]\system\jojo.exe
[%WINDOWS%]\system\msrun.exe

How to detect BDDT:

Files:
[%WINDOWS%]\system\jojo.exe
[%WINDOWS%]\system\msrun.exe
[%WINDOWS%]\system\jojo.exe
[%WINDOWS%]\system\msrun.exe

Removing BDDT:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Pigeon.EYK Trojan Removal
Win32.Small Trojan Symptoms
The.Shield Adware Symptoms
Media.Tickets Spyware Removal
Remove Win.AEP Trojan

system-processes.com Hijacker

Removing system-processes.com
Categories: Hijacker,Adware,Toolbar
Hijackers take control of various parts of your web browser, including your home page,
search pages, and search bar. They may also redirect you to certain sites should you
mistype an address or prevent you from going to a website they would rather you not,
such as sites that combat malware. Some will even redirect you to their own search engine
when you attempt a search.
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits
Toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\navshext.dll
[%SYSTEM%]\p.dat
[%SYSTEM%]\navshext.dll
[%SYSTEM%]\p.dat

How to detect system-processes.com:

Files:
[%SYSTEM%]\navshext.dll
[%SYSTEM%]\p.dat
[%SYSTEM%]\navshext.dll
[%SYSTEM%]\p.dat

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{c2eeb4fa-b6d6-41b9-9cfa-aba87f862bcb}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C2EEB4FA-B6D6-41b9-9CFA-ABA87F862BCB}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2EEB4FA-B6D6-41b9-9CFA-ABA87F862BCB}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Startup
HKEY_LOCAL_MACHINE\SOFTWARE\System Process

Registry Values:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow

Removing system-processes.com:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Removing Vxidl.ASS Trojan
Removing AntiVermins Adware
AllSum.dll Adware Removal instruction
Remove Watcher Trojan
BAT.CDEject Trojan Information

Agent.gf Trojan

Removing Agent.gf
Categories: Trojan,Backdoor
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.


Visible Symptoms:
Files in system folders:
[%SYSTEM%]\winserver.exe
[%SYSTEM%]\winserver.exe

How to detect Agent.gf:

Files:
[%SYSTEM%]\winserver.exe
[%SYSTEM%]\winserver.exe

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices

Removing Agent.gf:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
primaryads.com Tracking Cookie Removal instruction
Pigeon.AKL Trojan Removal instruction
ZapSpot Adware Symptoms
Lineage.ACK Trojan Symptoms

The.Communicator Toolbar

Removing The.Communicator
Categories: Toolbar
Toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.
It replaces your start page, continuosly open a number of pop up windows and so on.

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\temp.fr????
[%SYSTEM%]\lmdv.bin
[%PROFILE_TEMP%]\temp.fr????
[%SYSTEM%]\lmdv.bin

How to detect The.Communicator:

Files:
[%PROFILE_TEMP%]\temp.fr????
[%SYSTEM%]\lmdv.bin
[%PROFILE_TEMP%]\temp.fr????
[%SYSTEM%]\lmdv.bin

Folders:
[%PROGRAM_FILES%]\communicator toolbar

Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{6A6E50DC-BFA8-4B40-AB1B-159E03E829FD}
HKEY_CLASSES_ROOT\CLSID\{DFAA31C8-A356-4313-9D95-5EDAB46C5070}
HKEY_CLASSES_ROOT\interface\{43b32a8d-3c3d-4969-b44e-cdcf0d233881}
HKEY_CLASSES_ROOT\linkmaker.linkmakerfilter
HKEY_CLASSES_ROOT\linkmaker.linkmakerfilter.1
HKEY_CLASSES_ROOT\linkmaker.linktracker
HKEY_CLASSES_ROOT\linkmaker.linktracker.1
HKEY_CURRENT_USER\software\communicator toolbar
HKEY_LOCAL_MACHINE\software\lm
HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b8d-469e-8dbc-a42eb79cb428}
HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b8d-469e-8dbc-a42eb79cb429}
HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b8d-469e-8dbc-a42eb79cb42a}
HKEY_CLASSES_ROOT\clsid\{6a6e50dc-bfa8-4b40-ab1b-159e03e829fd}
HKEY_CLASSES_ROOT\clsid\{dfaa31c8-a356-4313-9d95-5edab46c5070}
HKEY_CLASSES_ROOT\communicator.communicator
HKEY_CLASSES_ROOT\communicator.communicatormenu button
HKEY_CLASSES_ROOT\communicator.communicatortoggle button
HKEY_LOCAL_MACHINE\software\tbc

Registry Values:
HKEY_CLASSES_ROOT\protocols\filter\text/html
HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\webbrowser
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\the communicator
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\the communicator

Removing The.Communicator:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Manibag Trojan Removal instruction
Haan Spyware Removal instruction
Tfd.aFlooder Trojan Information
Remove Hitpop Trojan

BlowSearch Adware

Removing BlowSearch
Categories: Adware,BHO,Hijacker,Toolbar
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

As this information is entered by the user, it is captured by the BHO (Browser Helper Object) and
sent back to the attacker.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.When the default home page is hijacked, the browser opens to the web page set by the hijacker
instead of the user's designated home page. In some cases, the hijacker may block users from
restoring their desired home page.
Toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.
It replaces your start page, continuosly open a number of pop up windows and so on.

BlowSearch Also known as:

[Kaspersky]Trojan.Win32.StartPage.bi;
[Eset]Win32/SearchHelp.A trojan;
[Panda]Spyware/SearchHelp;
[Computer Associates]Win32.Startpage.V,Win32/StartPage.IDG!Trojan

How to detect BlowSearch:

Folders:
[%PROGRAM_FILES%]\blowsearchtoolbar

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{6f8adbe2-8c92-4362-b0e6-7321aa49ee46}
HKEY_LOCAL_MACHINE\software\classes\interface\{818e8baa-bba9-4343-af32-c7f51582d6b5}
HKEY_LOCAL_MACHINE\software\classes\typelib\{508d52d8-117d-405a-bf53-818278d8e4a8}
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\explorer bars\{6f8adbe2-8c92-4362-b0e6-7321aa49ee46}

Registry Values:
HKEY_CLASSES_ROOT\software\microsoft\internet explorer\toolbar\webbrowser
HKEY_LOCAL_MACHINE\software\classes\clsid\{6f8adbe2-8c92-4362-b0e6-7321aa49ee46}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\blowsearchtoolbar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\blowsearchtoolbar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\blowsearchtoolbar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\blowsearchtoolbar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\blowsearchtoolbar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\blowsearchtoolbar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\blowsearchtoolbar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\blowsearchtoolbar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\blowsearchtoolbar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\blowsearchtoolbar

Removing BlowSearch:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
NiteLineMedia Adware Removal instruction
Remove Win32.MultiDropper Trojan
Pigeon.AEJ Trojan Information
VidCach Trojan Information

Dechiver Trojan

Removing Dechiver
Categories: Trojan,Downloader
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.

Dechiver Also known as:

[Kaspersky]Trojan-Downlaoder.Win32.VB.avj;
[Other]Win32/Dechiver

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\nowenvir.exe
[%SYSTEM%]\nowenvir.exe

How to detect Dechiver:

Files:
[%SYSTEM%]\nowenvir.exe
[%SYSTEM%]\nowenvir.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing Dechiver:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Remove MiniBackLash Backdoor
GreatSearch Adware Symptoms

Generic.Downloader.ab Trojan

Removing Generic.Downloader.ab
Categories: Trojan,Downloader
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Trojans-downloaders downloads and installs new malware or adware on the computer.


Generic.Downloader.ab Also known as:

[McAfee]Generic Downloader.ab;
[Other]Win32.Pubala.A,Troj/DwnLdr-AYA,Downloader,Troj/DwnLdr-FXY,Trojan-Downloader.Gen,Win32/SillyDl.CEU,Win32/Vowfie.A,Trojan-Downloader.Win32.Agent.bcd,Win32/SillyDl.CMN

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\cryptimg.dll
[%SYSTEM%]\drivers\hidproc.sys
[%SYSTEM%]\pob2res.exe
[%SYSTEM%]\cryptimg.dll
[%SYSTEM%]\drivers\hidproc.sys
[%SYSTEM%]\pob2res.exe

How to detect Generic.Downloader.ab:

Files:
[%SYSTEM%]\cryptimg.dll
[%SYSTEM%]\drivers\hidproc.sys
[%SYSTEM%]\pob2res.exe
[%SYSTEM%]\cryptimg.dll
[%SYSTEM%]\drivers\hidproc.sys
[%SYSTEM%]\pob2res.exe

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptimg
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\hidproc
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network\hidproc
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_hidproc
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\hidproc

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing Generic.Downloader.ab:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Danschl Trojan Removal instruction
Zango.Search.Assistant Adware Cleaner
Xupiter.Xjupiter Hijacker Cleaner

SystemDoctor Trojan

Removing SystemDoctor
Categories: Trojan,Adware,Ransomware
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits
A cryptovirus, cryptotrojan or cryptoworm is a type of
malware that encrypts the data belonging to an individual on a computer,
demanding a ransom for its restoration.

The term ransomware is commonly used to describe software that encrypts the data
belonging to an individual on a computer, demanding a ransom for its restoration.
Although the field known as cryptovirology predates the term "ransomware".

Visible Symptoms:
Files in system folders:
[%APPDATA%]\sysdoctor.exe
[%COMMON_DOCUMENTS%]\SystemDoctor2006FreeInstall.exe
[%COMMON_PROGRAMS%]\SystemDoctor 2006 Unregistered Version\Contact customer support.lnk
[%COMMON_PROGRAMS%]\SystemDoctor 2006 Unregistered Version\SystemDoctor 2006 on the Web.lnk
[%COMMON_PROGRAMS%]\SystemDoctor 2006 Unregistered Version\SystemDoctor 2006.lnk
[%COMMON_PROGRAMS%]\SystemDoctor 2006 Unregistered Version\Uninstall SystemDoctor 2006.lnk
[%DESKTOP%]\notes\SystemDoctor2006FreeInstall.exe
[%DESKTOP%]\Programs\SystemDoctor2006FreeInstall.exe
[%DESKTOP%]\SystemDoctor 2006.lnk
[%INTERNET_CACHE%]\Content.IE5\01234567\SystemDoctor2006FreeInstall[1].exe
[%INTERNET_CACHE%]\Content.IE5\2ODO6ETA\SystemDoctor2006FreeInstall[1].exe
[%INTERNET_CACHE%]\Content.IE5\8HAJOHUF\SystemDoctor2006FreeInstall[1].exe
[%INTERNET_CACHE%]\Low\Content.IE5\023GHTJL\SystemDoctor2006FreeInstall[1].exe
[%INTERNET_CACHE%]\Low\Content.IE5\L3VAF25O\SystemDoctor2006FreeInstall[1].exe
[%INTERNET_CACHE%]\Low\Content.IE5\OSRB556O\SystemDoctor2006FreeInstall[1].exe
[%LOCAL_APPDATA%]\Mozilla\Firefox\Profiles\ehf5smtx.default\Cache\069CD5C0d01
[%PROFILE_TEMP%]\37vdbutx.exe
[%PROFILE_TEMP%]\Setup(5).exe
[%PROFILE_TEMP%]\SystemDoctorFreeSetup.exe
[%PROFILE_TEMP%]\temp.fr????\sd2006url.url
[%PROFILE_TEMP%]\temp.fr????\support.url
[%PROFILE_TEMP%]\temp.fr????\up.dat
[%PROFILE_TEMP%]\temp.fr????\updater.dat
[%PROFILE_TEMP%]\vxsc4455.exe
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\Activate.exe
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\hmlink.dat
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\License.rtf
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\order.dll
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\pasmon.exe
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\Sd2006.exe
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\sd2006url.url
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\support.url
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\up.dat
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\updater.dat
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\USDR6cw.exe
[%PROGRAM_FILES%]\SystemDoctor Free\hmlink.dat
[%PROGRAM_FILES%]\SystemDoctor Free\order.dll
[%PROGRAM_FILES%]\SystemDoctor Free\sdurl.url
[%PROGRAM_FILES%]\SystemDoctor Free\support.url
[%PROGRAM_FILES%]\SystemDoctor Free\up.dat
[%PROGRAM_FILES_COMMON%]\DriveCleaner 2006 Free\udcsdr.exe
[%PROGRAM_FILES_COMMON%]\DriveCleaner Free\udcsdr.exe
[%PROGRAM_FILES_COMMON%]\SystemDoctor\up.dat
[%PROGRAM_FILES_COMMON%]\SystemDoctor\USDR6cw.exe
[%WINDOWS%]\Temp\SystemDoctorFreeSetup.exe
[%COMMON_DESKTOPDIRECTORY%]\SystemDoctor 2006.lnk
[%COMMON_DESKTOPDIRECTORY%]\SystemDoctor.lnk
[%COMMON_PROGRAMS%]\SystemDoctor 2006 Unregistered Version\Contactar al Servicio de Atenci%F3n al Cliente.lnk
[%COMMON_PROGRAMS%]\SystemDoctor 2006 Unregistered Version\Contactez le Service Clients.lnk
[%COMMON_PROGRAMS%]\SystemDoctor 2006 Unregistered Version\D%E9sinstaller SystemDoctor 2006.lnk
[%COMMON_PROGRAMS%]\SystemDoctor 2006 Unregistered Version\Desinstalar SystemDoctor 2006.lnk
[%COMMON_PROGRAMS%]\SystemDoctor 2006 Unregistered Version\SystemDoctor 2006 dans la Web.lnk
[%COMMON_PROGRAMS%]\SystemDoctor 2006 Unregistered Version\SystemDoctor 2006 en la Web.lnk
[%DESKTOP%]\SystemDoctor.lnk
[%PROFILE%]\LOCAL.EXE
[%PROFILE_TEMP%]\SystemDoctor2006FreeInstall.exe
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\Activate.dat
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\atl71.dll
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\bhpv.dat
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\bhupdater.dat
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\bnlink.dat
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\DataBase.sav
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\dcmon.exe
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\diagnosis.dat
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\err.log
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\insthelp.exe
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\lapv.dat
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\lock.dat
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\mfc71.dll
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\ModelLib.dll
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\mProp
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\msvcp71.dll
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\msvcr71.dll
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\propbh.xml
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\pv.dat
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\readme.rtf
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\ReportListFile.dat
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\sdr.exe
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\sr.log
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\st.dat
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\startmon.exe
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\umain.xml
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\unins000.dat
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\unins000.exe
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\updater.exe
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\__delete_on_reboot__d_c_m_o_n_._e_x_e_
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\__delete_on_reboot__M_F_C_7_1_._D_L_L_
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\__delete_on_reboot__M_S_V_C_P_7_1_._d_l_l_
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\__delete_on_reboot__M_S_V_C_R_7_1_._d_l_l_
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\__delete_on_reboot__p_a_s_m_o_n_._e_x_e_
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\__delete_on_reboot__U_S_D_R_6_c_w_._e_x_e_
[%PROGRAM_FILES%]\SystemDoctor 2006\main.exe
[%PROGRAM_FILES%]\SystemDoctor 2006\Sd2006.exe
[%PROGRAM_FILES%]\SystemDoctor Free\sdmain.exe
[%PROGRAM_FILES%]\SystemDoctor\main.exe
[%PROGRAM_FILES_COMMON%]\dc6_startupmon.exe
[%PROGRAM_FILES_COMMON%]\DriveCleaner 2006 Free\udcpas.exe
[%PROGRAM_FILES_COMMON%]\DriveCleaner Free\udcpas.exe
[%PROGRAM_FILES_COMMON%]\ers_startupmon.exe
[%PROGRAM_FILES_COMMON%]\SystemDoctor 2006\SDR6cw.exe
[%PROGRAM_FILES_COMMON%]\WinAntiSpyware 2006 Free\uwasdc.exe
[%PROGRAM_FILES_COMMON%]\WinAntiSpyware 2006 Free\uwasers.exe
[%PROGRAM_FILES_COMMON%]\WinAntiSpyware 2007 Free\uwasdc.exe
[%PROGRAM_FILES_COMMON%]\WinAntiSpyware 2007 Free\uwasers.exe
[%PROGRAM_FILES_COMMON%]\WinAntiSpyware 2007\uwasdc.exe
[%PROGRAM_FILES_COMMON%]\WinAntiSpyware 2007\uwasers.exe
[%PROGRAM_FILES_COMMON%]\WinAntiVirus Pro 2006\dc6_startupmon.exe
[%PROGRAM_FILES_COMMON%]\WinAntiVirus Pro 2006\ers_startupmon.exe
[%WINDOWS%]\Downloaded Program Files\USDR6S_0001_D18M3107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\USDR6T_0001_D18M3107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\USDR6T_0001_N19M1105NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\USDR6V_0001_D18M3107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\USDR6V_0001_N19M2604NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\USDR6Y_0001_D13M1007NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\USDR6Y_0001_D18M1608NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\USDR6Y_0001_D18M3107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\USDR6Y_0001_N19M1105NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\USDR6_0001_D08M0404NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\USDR6_0001_D09M0706NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\USDR6_0001_D17M1107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\USDR6_0001_D18M2707NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\USDR6_0001_D19M2108NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\USDR6_7777_BHLP0611NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\USDR6_9999_N18M1603NetInstaller.exe
[%DESKTOP%]\SystemDoctor 2006.lnk
[%DESKTOP%]\SystemDoctor.lnk
[%APPDATA%]\sysdoctor.exe
[%COMMON_DOCUMENTS%]\SystemDoctor2006FreeInstall.exe
[%COMMON_PROGRAMS%]\SystemDoctor 2006 Unregistered Version\Contact customer support.lnk
[%COMMON_PROGRAMS%]\SystemDoctor 2006 Unregistered Version\SystemDoctor 2006 on the Web.lnk
[%COMMON_PROGRAMS%]\SystemDoctor 2006 Unregistered Version\SystemDoctor 2006.lnk
[%COMMON_PROGRAMS%]\SystemDoctor 2006 Unregistered Version\Uninstall SystemDoctor 2006.lnk
[%DESKTOP%]\notes\SystemDoctor2006FreeInstall.exe
[%DESKTOP%]\Programs\SystemDoctor2006FreeInstall.exe
[%DESKTOP%]\SystemDoctor 2006.lnk
[%INTERNET_CACHE%]\Content.IE5\01234567\SystemDoctor2006FreeInstall[1].exe
[%INTERNET_CACHE%]\Content.IE5\2ODO6ETA\SystemDoctor2006FreeInstall[1].exe
[%INTERNET_CACHE%]\Content.IE5\8HAJOHUF\SystemDoctor2006FreeInstall[1].exe
[%INTERNET_CACHE%]\Low\Content.IE5\023GHTJL\SystemDoctor2006FreeInstall[1].exe
[%INTERNET_CACHE%]\Low\Content.IE5\L3VAF25O\SystemDoctor2006FreeInstall[1].exe
[%INTERNET_CACHE%]\Low\Content.IE5\OSRB556O\SystemDoctor2006FreeInstall[1].exe
[%LOCAL_APPDATA%]\Mozilla\Firefox\Profiles\ehf5smtx.default\Cache\069CD5C0d01
[%PROFILE_TEMP%]\37vdbutx.exe
[%PROFILE_TEMP%]\Setup(5).exe
[%PROFILE_TEMP%]\SystemDoctorFreeSetup.exe
[%PROFILE_TEMP%]\temp.fr????\sd2006url.url
[%PROFILE_TEMP%]\temp.fr????\support.url
[%PROFILE_TEMP%]\temp.fr????\up.dat
[%PROFILE_TEMP%]\temp.fr????\updater.dat
[%PROFILE_TEMP%]\vxsc4455.exe
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\Activate.exe
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\hmlink.dat
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\License.rtf
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\order.dll
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\pasmon.exe
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\Sd2006.exe
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\sd2006url.url
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\support.url
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\up.dat
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\updater.dat
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\USDR6cw.exe
[%PROGRAM_FILES%]\SystemDoctor Free\hmlink.dat
[%PROGRAM_FILES%]\SystemDoctor Free\order.dll
[%PROGRAM_FILES%]\SystemDoctor Free\sdurl.url
[%PROGRAM_FILES%]\SystemDoctor Free\support.url
[%PROGRAM_FILES%]\SystemDoctor Free\up.dat
[%PROGRAM_FILES_COMMON%]\DriveCleaner 2006 Free\udcsdr.exe
[%PROGRAM_FILES_COMMON%]\DriveCleaner Free\udcsdr.exe
[%PROGRAM_FILES_COMMON%]\SystemDoctor\up.dat
[%PROGRAM_FILES_COMMON%]\SystemDoctor\USDR6cw.exe
[%WINDOWS%]\Temp\SystemDoctorFreeSetup.exe
[%COMMON_DESKTOPDIRECTORY%]\SystemDoctor 2006.lnk
[%COMMON_DESKTOPDIRECTORY%]\SystemDoctor.lnk
[%COMMON_PROGRAMS%]\SystemDoctor 2006 Unregistered Version\Contactar al Servicio de Atenci%F3n al Cliente.lnk
[%COMMON_PROGRAMS%]\SystemDoctor 2006 Unregistered Version\Contactez le Service Clients.lnk
[%COMMON_PROGRAMS%]\SystemDoctor 2006 Unregistered Version\D%E9sinstaller SystemDoctor 2006.lnk
[%COMMON_PROGRAMS%]\SystemDoctor 2006 Unregistered Version\Desinstalar SystemDoctor 2006.lnk
[%COMMON_PROGRAMS%]\SystemDoctor 2006 Unregistered Version\SystemDoctor 2006 dans la Web.lnk
[%COMMON_PROGRAMS%]\SystemDoctor 2006 Unregistered Version\SystemDoctor 2006 en la Web.lnk
[%DESKTOP%]\SystemDoctor.lnk
[%PROFILE%]\LOCAL.EXE
[%PROFILE_TEMP%]\SystemDoctor2006FreeInstall.exe
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\Activate.dat
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\atl71.dll
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\bhpv.dat
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\bhupdater.dat
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\bnlink.dat
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\DataBase.sav
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\dcmon.exe
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\diagnosis.dat
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\err.log
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\insthelp.exe
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\lapv.dat
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\lock.dat
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\mfc71.dll
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\ModelLib.dll
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\mProp
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\msvcp71.dll
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\msvcr71.dll
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\propbh.xml
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\pv.dat
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\readme.rtf
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\ReportListFile.dat
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\sdr.exe
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\sr.log
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\st.dat
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\startmon.exe
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\umain.xml
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\unins000.dat
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\unins000.exe
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\updater.exe
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\__delete_on_reboot__d_c_m_o_n_._e_x_e_
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\__delete_on_reboot__M_F_C_7_1_._D_L_L_
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\__delete_on_reboot__M_S_V_C_P_7_1_._d_l_l_
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\__delete_on_reboot__M_S_V_C_R_7_1_._d_l_l_
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\__delete_on_reboot__p_a_s_m_o_n_._e_x_e_
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\__delete_on_reboot__U_S_D_R_6_c_w_._e_x_e_
[%PROGRAM_FILES%]\SystemDoctor 2006\main.exe
[%PROGRAM_FILES%]\SystemDoctor 2006\Sd2006.exe
[%PROGRAM_FILES%]\SystemDoctor Free\sdmain.exe
[%PROGRAM_FILES%]\SystemDoctor\main.exe
[%PROGRAM_FILES_COMMON%]\dc6_startupmon.exe
[%PROGRAM_FILES_COMMON%]\DriveCleaner 2006 Free\udcpas.exe
[%PROGRAM_FILES_COMMON%]\DriveCleaner Free\udcpas.exe
[%PROGRAM_FILES_COMMON%]\ers_startupmon.exe
[%PROGRAM_FILES_COMMON%]\SystemDoctor 2006\SDR6cw.exe
[%PROGRAM_FILES_COMMON%]\WinAntiSpyware 2006 Free\uwasdc.exe
[%PROGRAM_FILES_COMMON%]\WinAntiSpyware 2006 Free\uwasers.exe
[%PROGRAM_FILES_COMMON%]\WinAntiSpyware 2007 Free\uwasdc.exe
[%PROGRAM_FILES_COMMON%]\WinAntiSpyware 2007 Free\uwasers.exe
[%PROGRAM_FILES_COMMON%]\WinAntiSpyware 2007\uwasdc.exe
[%PROGRAM_FILES_COMMON%]\WinAntiSpyware 2007\uwasers.exe
[%PROGRAM_FILES_COMMON%]\WinAntiVirus Pro 2006\dc6_startupmon.exe
[%PROGRAM_FILES_COMMON%]\WinAntiVirus Pro 2006\ers_startupmon.exe
[%WINDOWS%]\Downloaded Program Files\USDR6S_0001_D18M3107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\USDR6T_0001_D18M3107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\USDR6T_0001_N19M1105NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\USDR6V_0001_D18M3107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\USDR6V_0001_N19M2604NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\USDR6Y_0001_D13M1007NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\USDR6Y_0001_D18M1608NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\USDR6Y_0001_D18M3107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\USDR6Y_0001_N19M1105NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\USDR6_0001_D08M0404NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\USDR6_0001_D09M0706NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\USDR6_0001_D17M1107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\USDR6_0001_D18M2707NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\USDR6_0001_D19M2108NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\USDR6_7777_BHLP0611NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\USDR6_9999_N18M1603NetInstaller.exe
[%DESKTOP%]\SystemDoctor 2006.lnk
[%DESKTOP%]\SystemDoctor.lnk

How to detect SystemDoctor:

Files:
[%APPDATA%]\sysdoctor.exe
[%COMMON_DOCUMENTS%]\SystemDoctor2006FreeInstall.exe
[%COMMON_PROGRAMS%]\SystemDoctor 2006 Unregistered Version\Contact customer support.lnk
[%COMMON_PROGRAMS%]\SystemDoctor 2006 Unregistered Version\SystemDoctor 2006 on the Web.lnk
[%COMMON_PROGRAMS%]\SystemDoctor 2006 Unregistered Version\SystemDoctor 2006.lnk
[%COMMON_PROGRAMS%]\SystemDoctor 2006 Unregistered Version\Uninstall SystemDoctor 2006.lnk
[%DESKTOP%]\notes\SystemDoctor2006FreeInstall.exe
[%DESKTOP%]\Programs\SystemDoctor2006FreeInstall.exe
[%DESKTOP%]\SystemDoctor 2006.lnk
[%INTERNET_CACHE%]\Content.IE5\01234567\SystemDoctor2006FreeInstall[1].exe
[%INTERNET_CACHE%]\Content.IE5\2ODO6ETA\SystemDoctor2006FreeInstall[1].exe
[%INTERNET_CACHE%]\Content.IE5\8HAJOHUF\SystemDoctor2006FreeInstall[1].exe
[%INTERNET_CACHE%]\Low\Content.IE5\023GHTJL\SystemDoctor2006FreeInstall[1].exe
[%INTERNET_CACHE%]\Low\Content.IE5\L3VAF25O\SystemDoctor2006FreeInstall[1].exe
[%INTERNET_CACHE%]\Low\Content.IE5\OSRB556O\SystemDoctor2006FreeInstall[1].exe
[%LOCAL_APPDATA%]\Mozilla\Firefox\Profiles\ehf5smtx.default\Cache\069CD5C0d01
[%PROFILE_TEMP%]\37vdbutx.exe
[%PROFILE_TEMP%]\Setup(5).exe
[%PROFILE_TEMP%]\SystemDoctorFreeSetup.exe
[%PROFILE_TEMP%]\temp.fr????\sd2006url.url
[%PROFILE_TEMP%]\temp.fr????\support.url
[%PROFILE_TEMP%]\temp.fr????\up.dat
[%PROFILE_TEMP%]\temp.fr????\updater.dat
[%PROFILE_TEMP%]\vxsc4455.exe
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\Activate.exe
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\hmlink.dat
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\License.rtf
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\order.dll
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\pasmon.exe
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\Sd2006.exe
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\sd2006url.url
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\support.url
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\up.dat
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\updater.dat
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\USDR6cw.exe
[%PROGRAM_FILES%]\SystemDoctor Free\hmlink.dat
[%PROGRAM_FILES%]\SystemDoctor Free\order.dll
[%PROGRAM_FILES%]\SystemDoctor Free\sdurl.url
[%PROGRAM_FILES%]\SystemDoctor Free\support.url
[%PROGRAM_FILES%]\SystemDoctor Free\up.dat
[%PROGRAM_FILES_COMMON%]\DriveCleaner 2006 Free\udcsdr.exe
[%PROGRAM_FILES_COMMON%]\DriveCleaner Free\udcsdr.exe
[%PROGRAM_FILES_COMMON%]\SystemDoctor\up.dat
[%PROGRAM_FILES_COMMON%]\SystemDoctor\USDR6cw.exe
[%WINDOWS%]\Temp\SystemDoctorFreeSetup.exe
[%COMMON_DESKTOPDIRECTORY%]\SystemDoctor 2006.lnk
[%COMMON_DESKTOPDIRECTORY%]\SystemDoctor.lnk
[%COMMON_PROGRAMS%]\SystemDoctor 2006 Unregistered Version\Contactar al Servicio de Atenci%F3n al Cliente.lnk
[%COMMON_PROGRAMS%]\SystemDoctor 2006 Unregistered Version\Contactez le Service Clients.lnk
[%COMMON_PROGRAMS%]\SystemDoctor 2006 Unregistered Version\D%E9sinstaller SystemDoctor 2006.lnk
[%COMMON_PROGRAMS%]\SystemDoctor 2006 Unregistered Version\Desinstalar SystemDoctor 2006.lnk
[%COMMON_PROGRAMS%]\SystemDoctor 2006 Unregistered Version\SystemDoctor 2006 dans la Web.lnk
[%COMMON_PROGRAMS%]\SystemDoctor 2006 Unregistered Version\SystemDoctor 2006 en la Web.lnk
[%DESKTOP%]\SystemDoctor.lnk
[%PROFILE%]\LOCAL.EXE
[%PROFILE_TEMP%]\SystemDoctor2006FreeInstall.exe
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\Activate.dat
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\atl71.dll
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\bhpv.dat
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\bhupdater.dat
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\bnlink.dat
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\DataBase.sav
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\dcmon.exe
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\diagnosis.dat
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\err.log
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\insthelp.exe
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\lapv.dat
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\lock.dat
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\mfc71.dll
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\ModelLib.dll
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\mProp
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\msvcp71.dll
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\msvcr71.dll
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\propbh.xml
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\pv.dat
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\readme.rtf
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\ReportListFile.dat
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\sdr.exe
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\sr.log
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\st.dat
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\startmon.exe
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\umain.xml
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\unins000.dat
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\unins000.exe
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\updater.exe
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\__delete_on_reboot__d_c_m_o_n_._e_x_e_
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\__delete_on_reboot__M_F_C_7_1_._D_L_L_
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\__delete_on_reboot__M_S_V_C_P_7_1_._d_l_l_
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\__delete_on_reboot__M_S_V_C_R_7_1_._d_l_l_
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\__delete_on_reboot__p_a_s_m_o_n_._e_x_e_
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\__delete_on_reboot__U_S_D_R_6_c_w_._e_x_e_
[%PROGRAM_FILES%]\SystemDoctor 2006\main.exe
[%PROGRAM_FILES%]\SystemDoctor 2006\Sd2006.exe
[%PROGRAM_FILES%]\SystemDoctor Free\sdmain.exe
[%PROGRAM_FILES%]\SystemDoctor\main.exe
[%PROGRAM_FILES_COMMON%]\dc6_startupmon.exe
[%PROGRAM_FILES_COMMON%]\DriveCleaner 2006 Free\udcpas.exe
[%PROGRAM_FILES_COMMON%]\DriveCleaner Free\udcpas.exe
[%PROGRAM_FILES_COMMON%]\ers_startupmon.exe
[%PROGRAM_FILES_COMMON%]\SystemDoctor 2006\SDR6cw.exe
[%PROGRAM_FILES_COMMON%]\WinAntiSpyware 2006 Free\uwasdc.exe
[%PROGRAM_FILES_COMMON%]\WinAntiSpyware 2006 Free\uwasers.exe
[%PROGRAM_FILES_COMMON%]\WinAntiSpyware 2007 Free\uwasdc.exe
[%PROGRAM_FILES_COMMON%]\WinAntiSpyware 2007 Free\uwasers.exe
[%PROGRAM_FILES_COMMON%]\WinAntiSpyware 2007\uwasdc.exe
[%PROGRAM_FILES_COMMON%]\WinAntiSpyware 2007\uwasers.exe
[%PROGRAM_FILES_COMMON%]\WinAntiVirus Pro 2006\dc6_startupmon.exe
[%PROGRAM_FILES_COMMON%]\WinAntiVirus Pro 2006\ers_startupmon.exe
[%WINDOWS%]\Downloaded Program Files\USDR6S_0001_D18M3107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\USDR6T_0001_D18M3107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\USDR6T_0001_N19M1105NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\USDR6V_0001_D18M3107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\USDR6V_0001_N19M2604NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\USDR6Y_0001_D13M1007NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\USDR6Y_0001_D18M1608NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\USDR6Y_0001_D18M3107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\USDR6Y_0001_N19M1105NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\USDR6_0001_D08M0404NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\USDR6_0001_D09M0706NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\USDR6_0001_D17M1107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\USDR6_0001_D18M2707NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\USDR6_0001_D19M2108NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\USDR6_7777_BHLP0611NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\USDR6_9999_N18M1603NetInstaller.exe
[%DESKTOP%]\SystemDoctor 2006.lnk
[%DESKTOP%]\SystemDoctor.lnk
[%APPDATA%]\sysdoctor.exe
[%COMMON_DOCUMENTS%]\SystemDoctor2006FreeInstall.exe
[%COMMON_PROGRAMS%]\SystemDoctor 2006 Unregistered Version\Contact customer support.lnk
[%COMMON_PROGRAMS%]\SystemDoctor 2006 Unregistered Version\SystemDoctor 2006 on the Web.lnk
[%COMMON_PROGRAMS%]\SystemDoctor 2006 Unregistered Version\SystemDoctor 2006.lnk
[%COMMON_PROGRAMS%]\SystemDoctor 2006 Unregistered Version\Uninstall SystemDoctor 2006.lnk
[%DESKTOP%]\notes\SystemDoctor2006FreeInstall.exe
[%DESKTOP%]\Programs\SystemDoctor2006FreeInstall.exe
[%DESKTOP%]\SystemDoctor 2006.lnk
[%INTERNET_CACHE%]\Content.IE5\01234567\SystemDoctor2006FreeInstall[1].exe
[%INTERNET_CACHE%]\Content.IE5\2ODO6ETA\SystemDoctor2006FreeInstall[1].exe
[%INTERNET_CACHE%]\Content.IE5\8HAJOHUF\SystemDoctor2006FreeInstall[1].exe
[%INTERNET_CACHE%]\Low\Content.IE5\023GHTJL\SystemDoctor2006FreeInstall[1].exe
[%INTERNET_CACHE%]\Low\Content.IE5\L3VAF25O\SystemDoctor2006FreeInstall[1].exe
[%INTERNET_CACHE%]\Low\Content.IE5\OSRB556O\SystemDoctor2006FreeInstall[1].exe
[%LOCAL_APPDATA%]\Mozilla\Firefox\Profiles\ehf5smtx.default\Cache\069CD5C0d01
[%PROFILE_TEMP%]\37vdbutx.exe
[%PROFILE_TEMP%]\Setup(5).exe
[%PROFILE_TEMP%]\SystemDoctorFreeSetup.exe
[%PROFILE_TEMP%]\temp.fr????\sd2006url.url
[%PROFILE_TEMP%]\temp.fr????\support.url
[%PROFILE_TEMP%]\temp.fr????\up.dat
[%PROFILE_TEMP%]\temp.fr????\updater.dat
[%PROFILE_TEMP%]\vxsc4455.exe
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\Activate.exe
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\hmlink.dat
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\License.rtf
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\order.dll
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\pasmon.exe
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\Sd2006.exe
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\sd2006url.url
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\support.url
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\up.dat
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\updater.dat
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\USDR6cw.exe
[%PROGRAM_FILES%]\SystemDoctor Free\hmlink.dat
[%PROGRAM_FILES%]\SystemDoctor Free\order.dll
[%PROGRAM_FILES%]\SystemDoctor Free\sdurl.url
[%PROGRAM_FILES%]\SystemDoctor Free\support.url
[%PROGRAM_FILES%]\SystemDoctor Free\up.dat
[%PROGRAM_FILES_COMMON%]\DriveCleaner 2006 Free\udcsdr.exe
[%PROGRAM_FILES_COMMON%]\DriveCleaner Free\udcsdr.exe
[%PROGRAM_FILES_COMMON%]\SystemDoctor\up.dat
[%PROGRAM_FILES_COMMON%]\SystemDoctor\USDR6cw.exe
[%WINDOWS%]\Temp\SystemDoctorFreeSetup.exe
[%COMMON_DESKTOPDIRECTORY%]\SystemDoctor 2006.lnk
[%COMMON_DESKTOPDIRECTORY%]\SystemDoctor.lnk
[%COMMON_PROGRAMS%]\SystemDoctor 2006 Unregistered Version\Contactar al Servicio de Atenci%F3n al Cliente.lnk
[%COMMON_PROGRAMS%]\SystemDoctor 2006 Unregistered Version\Contactez le Service Clients.lnk
[%COMMON_PROGRAMS%]\SystemDoctor 2006 Unregistered Version\D%E9sinstaller SystemDoctor 2006.lnk
[%COMMON_PROGRAMS%]\SystemDoctor 2006 Unregistered Version\Desinstalar SystemDoctor 2006.lnk
[%COMMON_PROGRAMS%]\SystemDoctor 2006 Unregistered Version\SystemDoctor 2006 dans la Web.lnk
[%COMMON_PROGRAMS%]\SystemDoctor 2006 Unregistered Version\SystemDoctor 2006 en la Web.lnk
[%DESKTOP%]\SystemDoctor.lnk
[%PROFILE%]\LOCAL.EXE
[%PROFILE_TEMP%]\SystemDoctor2006FreeInstall.exe
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\Activate.dat
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\atl71.dll
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\bhpv.dat
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\bhupdater.dat
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\bnlink.dat
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\DataBase.sav
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\dcmon.exe
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\diagnosis.dat
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\err.log
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\insthelp.exe
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\lapv.dat
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\lock.dat
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\mfc71.dll
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\ModelLib.dll
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\mProp
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\msvcp71.dll
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\msvcr71.dll
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\propbh.xml
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\pv.dat
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\readme.rtf
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\ReportListFile.dat
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\sdr.exe
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\sr.log
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\st.dat
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\startmon.exe
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\umain.xml
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\unins000.dat
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\unins000.exe
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\updater.exe
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\__delete_on_reboot__d_c_m_o_n_._e_x_e_
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\__delete_on_reboot__M_F_C_7_1_._D_L_L_
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\__delete_on_reboot__M_S_V_C_P_7_1_._d_l_l_
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\__delete_on_reboot__M_S_V_C_R_7_1_._d_l_l_
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\__delete_on_reboot__p_a_s_m_o_n_._e_x_e_
[%PROGRAM_FILES%]\SystemDoctor 2006 Free\__delete_on_reboot__U_S_D_R_6_c_w_._e_x_e_
[%PROGRAM_FILES%]\SystemDoctor 2006\main.exe
[%PROGRAM_FILES%]\SystemDoctor 2006\Sd2006.exe
[%PROGRAM_FILES%]\SystemDoctor Free\sdmain.exe
[%PROGRAM_FILES%]\SystemDoctor\main.exe
[%PROGRAM_FILES_COMMON%]\dc6_startupmon.exe
[%PROGRAM_FILES_COMMON%]\DriveCleaner 2006 Free\udcpas.exe
[%PROGRAM_FILES_COMMON%]\DriveCleaner Free\udcpas.exe
[%PROGRAM_FILES_COMMON%]\ers_startupmon.exe
[%PROGRAM_FILES_COMMON%]\SystemDoctor 2006\SDR6cw.exe
[%PROGRAM_FILES_COMMON%]\WinAntiSpyware 2006 Free\uwasdc.exe
[%PROGRAM_FILES_COMMON%]\WinAntiSpyware 2006 Free\uwasers.exe
[%PROGRAM_FILES_COMMON%]\WinAntiSpyware 2007 Free\uwasdc.exe
[%PROGRAM_FILES_COMMON%]\WinAntiSpyware 2007 Free\uwasers.exe
[%PROGRAM_FILES_COMMON%]\WinAntiSpyware 2007\uwasdc.exe
[%PROGRAM_FILES_COMMON%]\WinAntiSpyware 2007\uwasers.exe
[%PROGRAM_FILES_COMMON%]\WinAntiVirus Pro 2006\dc6_startupmon.exe
[%PROGRAM_FILES_COMMON%]\WinAntiVirus Pro 2006\ers_startupmon.exe
[%WINDOWS%]\Downloaded Program Files\USDR6S_0001_D18M3107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\USDR6T_0001_D18M3107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\USDR6T_0001_N19M1105NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\USDR6V_0001_D18M3107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\USDR6V_0001_N19M2604NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\USDR6Y_0001_D13M1007NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\USDR6Y_0001_D18M1608NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\USDR6Y_0001_D18M3107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\USDR6Y_0001_N19M1105NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\USDR6_0001_D08M0404NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\USDR6_0001_D09M0706NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\USDR6_0001_D17M1107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\USDR6_0001_D18M2707NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\USDR6_0001_D19M2108NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\USDR6_7777_BHLP0611NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\USDR6_9999_N18M1603NetInstaller.exe
[%DESKTOP%]\SystemDoctor 2006.lnk
[%DESKTOP%]\SystemDoctor.lnk

Folders:
[%APPDATA%]\SystemDoctor 2006
[%APPDATA%]\SystemDoctor 2006 Free
[%PROGRAM_FILES%]\SystemDoctor 2006 Free
[%APPDATA%]\SystemDoctor
[%APPDATA%]\SystemDoctor Free
[%COMMON_APPDATA%]\SystemDoctor
[%COMMON_APPDATA%]\SystemDoctor Free
[%COMMON_PROGRAMS%]\SystemDoctor
[%COMMON_PROGRAMS%]\SystemDoctor 2006
[%COMMON_PROGRAMS%]\SystemDoctor 2006 Unregistered Version
[%COMMON_PROGRAMS%]\SystemDoctor Unregistered Version
[%PROFILE_TEMP%]\USDR6V_0001_D13M1007
[%PROFILE_TEMP%]\USDR6V_0001_D18M3107
[%PROFILE_TEMP%]\USDR6_0001_D08M0404
[%PROFILE_TEMP%]\USDR6_0001_D09M0706
[%PROFILE_TEMP%]\USDR6_0001_D17M1107
[%PROFILE_TEMP%]\USDR6_0001_D18M2707
[%PROFILE_TEMP%]\USDR6_0001_D19M2108
[%PROFILE_TEMP%]\USDR6_7777_BHLP0611
[%PROFILE_TEMP%]\USDR6_9999_N18M1603
[%PROFILE_TEMP%]\USDR6_~1.SH!
[%PROGRAMS%]\SystemDoctor 2006 Unregistered Version
[%PROGRAM_FILES%]\SystemDoctor
[%PROGRAM_FILES%]\SystemDoctor 2006
[%PROGRAM_FILES%]\SystemDoctor 2006 Free(2)
[%PROGRAM_FILES%]\SystemDoctor Free
[%PROGRAM_FILES_COMMON%]\SystemDoctor
[%PROGRAM_FILES_COMMON%]\SystemDoctor 2006

Registry Keys:
HKEY_CLASSES_ROOT\SystemDoctor.Free
HKEY_CURRENT_USER\Software\SystemDoctor 2006 Free
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\USDR6_is1
HKEY_LOCAL_MACHINE\SOFTWARE\SystemDoctor 2006 Free
HKEY_CURRENT_USER\Software\BwqoonEwuMBnMaoIBMIoBogwlccwcIlohanIIagwuMwn
HKEY_CURRENT_USER\Software\SystemDoctor
HKEY_CURRENT_USER\Software\SystemDoctor 2006
HKEY_CURRENT_USER\Software\SystemDoctor 2006 FreeSettings
HKEY_CURRENT_USER\Software\SystemDoctor 2006 FreeSettings2
HKEY_CURRENT_USER\Software\SystemDoctor 2006 FreeTaskSettings
HKEY_CURRENT_USER\Software\SystemDoctor 2006Settings
HKEY_CURRENT_USER\Software\SystemDoctor 2006Settings2
HKEY_CURRENT_USER\Software\SystemDoctor 2006TaskSettings
HKEY_CURRENT_USER\Software\SystemDoctor Free
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{09F1ADAC-76D8-4D0F-99A5-5C907DADB988}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:\WINDOWS\Downloaded Program Files\USDR6_0001_D19M2108NetInstaller.exe
HKEY_LOCAL_MACHINE\SOFTWARE\SystemDoctor
HKEY_LOCAL_MACHINE\SOFTWARE\SystemDoctor 2006
HKEY_LOCAL_MACHINE\SOFTWARE\SystemDoctor Free
HKEY_CLASSES_ROOT\clsid\{151a44b0-fc2d-4a02-bbbc-6b372f2f659c}
HKEY_CLASSES_ROOT\clsid\{88fadc81-4fc1-4420-b5ae-48fcc0d96ea3}
HKEY_CLASSES_ROOT\systemdoctor.free
HKEY_CURRENT_USER\software\systemdoctor 2006 free
HKEY_CURRENT_USER\software\systemdoctor free
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\usdr6_is1
HKEY_LOCAL_MACHINE\software\systemdoctor 2006 free

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\USDR6_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\USDR6_is1
HKEY_LOCAL_MACHINE\SOFTWARE\SystemDoctor 2006 Free
HKEY_LOCAL_MACHINE\SOFTWARE\SystemDoctor 2006
HKEY_LOCAL_MACHINE\SOFTWARE\SystemDoctor Free
HKEY_CLASSES_ROOT\clsid\{383c5a87-2a12-4398-a77f-a0f9ef8b1163}\inprocserver32
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{09f1adac-76d8-4d0f-99a5-5c907dadb988}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{09f1adac-76d8-4d0f-99a5-5c907dadb988}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{09f1adac-76d8-4d0f-99a5-5c907dadb988}\downloadinformation
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{09f1adac-76d8-4d0f-99a5-5c907dadb988}\downloadinformation
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\systemdoctor free
HKEY_LOCAL_MACHINE\software\systemdoctor free
HKEY_LOCAL_MACHINE\software\systemdoctor free

Removing SystemDoctor:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Spook Trojan Cleaner
Listolf Trojan Cleaner
Backdoor.Freeweb.Server Backdoor Information
Key.Generator Backdoor Removal
Bancos.HHY Trojan Information