Hidden Virus Disabling Malwarebytes and exeHelper


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41564737-3200-1074-989B-0000E87B4FB1}\VersionIndependentProgID]

@="AVG.Lang"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41564737-3200-1076-989B-0000E87B4FB1}]

@="AVG Virus Vault Manager Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41564737-3200-1076-989B-0000E87B4FB1}\InprocServer32]

@="C:\Program Files\Grisoft\AVG7\avgvault.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41564737-3200-1076-989B-0000E87B4FB1}\ProgID]

@="AVG.AvgVirusVaultManager.7"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41564737-3200-1076-989B-0000E87B4FB1}\VersionIndependentProgID]

@="AVG.AvgVirusVaultManager"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41564737-3200-1077-989B-0000E87B4FB1}]

@="AVG Configuration Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41564737-3200-1077-989B-0000E87B4FB1}\InprocServer32]

@="C:\Program Files\Grisoft\AVG7\avgcfg.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41564737-3200-1077-989B-0000E87B4FB1}\ProgID]

@="AVG.Config.7"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41564737-3200-1077-989B-0000E87B4FB1}\VersionIndependentProgID]

@="AVG.Config"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41564737-3200-1078-989B-0000E87B4FB1}]

@="Avg Report Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41564737-3200-1078-989B-0000E87B4FB1}\InprocServer32]

@="C:\Program Files\Grisoft\AVG7\avgrep.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41564737-3200-1078-989B-0000E87B4FB1}\ProgID]

@="AVG.AvgReport.7"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41564737-3200-1078-989B-0000E87B4FB1}\VersionIndependentProgID]

@="AVG.AvgReport"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41564737-3200-1079-989B-0000E87B4FB1}]

@="Avg Report Manager Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41564737-3200-1079-989B-0000E87B4FB1}\InprocServer32]

@="C:\Program Files\Grisoft\AVG7\avgrep.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41564737-3200-1079-989B-0000E87B4FB1}\ProgID]

@="AVG.AvgReportManager.7"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41564737-3200-1079-989B-0000E87B4FB1}\VersionIndependentProgID]

@="AVG.AvgReportManager"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41564737-3200-1081-989B-0000E87B4FB1}]

@="AVG Config Manager Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41564737-3200-1081-989B-0000E87B4FB1}\InprocServer32]

@="C:\Program Files\Grisoft\AVG7\avgcfg.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41564737-3200-1081-989B-0000E87B4FB1}\ProgID]

@="AVG.AvgConfigManager.7"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41564737-3200-1081-989B-0000E87B4FB1}\VersionIndependentProgID]

@="AVG.AvgConfigManager"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41564737-3200-1086-989B-0000E87B4FB1}]

@="Avg Update Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41564737-3200-1086-989B-0000E87B4FB1}\InprocServer32]

@="C:\Program Files\Grisoft\AVG7\avgupd.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41564737-3200-1086-989B-0000E87B4FB1}\ProgID]

@="AVG.AvgUpdate.7"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41564737-3200-1086-989B-0000E87B4FB1}\VersionIndependentProgID]

@="AVG.AvgUpdate"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41564737-3200-1100-989B-0000E87B4FB1}\InprocServer32]

@="C:\Program Files\Grisoft\AVG7\avgupsvc.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{491A5624-1E72-4bd9-B454-299127582DA5}]

@="Avg Control Center Scheduler Plugin Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{491A5624-1E72-4bd9-B454-299127582DA5}\InprocServer32]

@="C:\Program Files\Grisoft\AVG7\avgcckrn.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{491A5624-1E72-4bd9-B454-299127582DA5}\ProgID]

@="AVG.AvgCCSchedulerPlugin.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{491A5624-1E72-4bd9-B454-299127582DA5}\VersionIndependentProgID]

@="AVG.AvgCCSchedulerPlugin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{491A5625-1E72-4BD9-B454-299127582DA5}]

@="Avg Control Center Resident Shield Plugin Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{491A5625-1E72-4BD9-B454-299127582DA5}\InprocServer32]

@="C:\Program Files\Grisoft\AVG7\avgcckrn.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{491A5625-1E72-4BD9-B454-299127582DA5}\ProgID]

@="AVG.AvgCCResidentShieldPlugin.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{491A5625-1E72-4BD9-B454-299127582DA5}\VersionIndependentProgID]

@="AVG.AvgCCResidentShieldPlugin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{491A5626-1E72-4BD9-B454-299127582DA5}]

@="Avg Control Center Virus Vault Plugin Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{491A5626-1E72-4BD9-B454-299127582DA5}\InprocServer32]

@="C:\Program Files\Grisoft\AVG7\avgcckrn.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{491A5626-1E72-4BD9-B454-299127582DA5}\ProgID]

@="AVG.AvgCCVirusVaultPlugin.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{491A5626-1E72-4BD9-B454-299127582DA5}\VersionIndependentProgID]

@="AVG.AvgCCVirusVaultPlugin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{491A5627-1E72-4BD9-B454-299127582DA5}]

@="Avg Control Center Update Manager Plugin Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{491A5627-1E72-4BD9-B454-299127582DA5}\InprocServer32]

@="C:\Program Files\Grisoft\AVG7\avgcckrn.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{491A5627-1E72-4BD9-B454-299127582DA5}\ProgID]

@="AVG.AvgCCUpdateManagerPlugin.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{491A5627-1E72-4BD9-B454-299127582DA5}\VersionIndependentProgID]

@="AVG.AvgCCUpdateManagerPlugin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{491A5628-1E72-4BD9-B454-299127582DA5}]

@="Avg Control Center Virus Database Plugin Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{491A5628-1E72-4BD9-B454-299127582DA5}\InprocServer32]

@="C:\Program Files\Grisoft\AVG7\avgcckrn.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{491A5628-1E72-4BD9-B454-299127582DA5}\ProgID]

@="AVG.AvgCCVirusDatabasePlugin.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{491A5628-1E72-4BD9-B454-299127582DA5}\VersionIndependentProgID]

@="AVG.AvgCCVirusDatabasePlugin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{491A562A-1E72-4BD9-B454-299127582DA5}]

@="Avg Control Center Shell Extension Plugin Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{491A562A-1E72-4BD9-B454-299127582DA5}\InprocServer32]

@="C:\Program Files\Grisoft\AVG7\avgcckrn.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{491A562A-1E72-4BD9-B454-299127582DA5}\ProgID]

@="AVG.AvgCCShellExtensionPlugin.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{491A562A-1E72-4BD9-B454-299127582DA5}\VersionIndependentProgID]

@="AVG.AvgCCShellExtensionPlugin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{491A562B-1E72-4BD9-B454-299127582DA5}]

@="Avg Control Center Remote Communication Plugin Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{491A562B-1E72-4BD9-B454-299127582DA5}\InprocServer32]

@="C:\Program Files\Grisoft\AVG7\avgcckrn.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{491A562B-1E72-4BD9-B454-299127582DA5}\ProgID]

@="AVG.AvgCCRemoteCommunicationPlugin.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{491A562B-1E72-4BD9-B454-299127582DA5}\VersionIndependentProgID]

@="AVG.AvgCCRemoteCommunicationPlugin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{491A562C-1E72-4BD9-B454-299127582DA5}]

@="Avg Control Center Email Scanner Plugin Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{491A562C-1E72-4BD9-B454-299127582DA5}\InprocServer32]

@="C:\Program Files\Grisoft\AVG7\avgcckrn.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{491A562C-1E72-4BD9-B454-299127582DA5}\ProgID]

@="AVG.AvgCCEmailScannerPlugin.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{491A562C-1E72-4BD9-B454-299127582DA5}\VersionIndependentProgID]

@="AVG.AvgCCEmailScannerPlugin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{491A562D-1E72-4BD9-B454-299127582DA5}]

@="Avg Control Center Alert Manager Plugin Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{491A562D-1E72-4BD9-B454-299127582DA5}\InprocServer32]

@="C:\Program Files\Grisoft\AVG7\avgcckrn.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{491A562D-1E72-4BD9-B454-299127582DA5}\ProgID]

@="AVG.AvgCCAlertManagerPlugin.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{491A562D-1E72-4BD9-B454-299127582DA5}\VersionIndependentProgID]

@="AVG.AvgCCAlertManagerPlugin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{491A562E-1E72-4BD9-B454-299127582DA5}]

@="Avg Control Center License Plugin Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{491A562E-1E72-4BD9-B454-299127582DA5}\InprocServer32]

@="C:\Program Files\Grisoft\AVG7\avgcckrn.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{491A562E-1E72-4BD9-B454-299127582DA5}\ProgID]

@="AVG.AvgCCLicensePlugin.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{491A562E-1E72-4BD9-B454-299127582DA5}\VersionIndependentProgID]

@="AVG.AvgCCLicensePlugin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67B30939-3B35-11d2-A595-002018648BA7}]

@="AVG 6 Compatibility Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67B30939-3B35-11d2-A595-002018648BA7}\InprocServer32]

@="C:\Program Files\Grisoft\AVG7\avg6cmpt.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67B30939-3B35-11d2-A595-002018648BA7}\ProgID]

@="AVG.Kernel.6"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67B30939-3B35-11d2-A595-002018648BA7}\VersionIndependentProgID]

@="AVG.Kernel"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8528CE0F-85B4-11D5-989F-0000E87B4FB1}]

@="Avg Mail Test Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8528CE0F-85B4-11D5-989F-0000E87B4FB1}\InprocServer32]

@="C:\Program Files\Grisoft\AVG7\avgmail.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8528CE0F-85B4-11D5-989F-0000E87B4FB1}\ProgID]

@="AVG.AvgMailTest.7"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8528CE0F-85B4-11D5-989F-0000E87B4FB1}\VersionIndependentProgID]

@="AVG.AvgMailTest"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8EC31897-D1E6-4758-80BE-31E873AC2903}]

@="Avg Alert Manager UI Rule Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8EC31897-D1E6-4758-80BE-31E873AC2903}\InprocServer32]

@="C:\Program Files\Grisoft\AVG7\avgamui.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8EC31897-D1E6-4758-80BE-31E873AC2903}\ProgID]

@="AVG.AvgAmUIRule.7"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8EC31897-D1E6-4758-80BE-31E873AC2903}\VersionIndependentProgID]

@="AVG.AvgAmUIRule"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8EC31898-D1E6-4758-80BE-31E873AC2903}]

@="Avg Alert Manager UI Values Config Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8EC31898-D1E6-4758-80BE-31E873AC2903}\InprocServer32]

@="C:\Program Files\Grisoft\AVG7\avgamui.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8EC31898-D1E6-4758-80BE-31E873AC2903}\ProgID]

@="AVG.AvgAmUIPluginValuesConfig.7"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8EC31898-D1E6-4758-80BE-31E873AC2903}\VersionIndependentProgID]

@="AVG.AvgAmUIPluginValuesConfig"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}]

@="AVG7 Find Extension Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}\InprocServer32]

@="C:\Program Files\Grisoft\AVG7\avgse.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA70B423-9C37-4793-9EB8-6292160324E8}\InprocServer32]

@="C:\Program Files\Grisoft\AVG7\avgamsps.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B64263D2-8A70-4f86-BC9A-57BE9A7B66DD}]

@="AVG for Office 2000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B64263D2-8A70-4f86-BC9A-57BE9A7B66DD}\InprocServer32]

@="C:\Program Files\Grisoft\AVG7\avgoff2k.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B64263D2-8A70-4f86-BC9A-57BE9A7B66DD}\ProgID]

@="AVG.Office.7"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B64263D2-8A70-4f86-BC9A-57BE9A7B66DD}\VersionIndependentProgID]

@="AVG.Office"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE78EA97-ED52-4F2D-9CC4-54C5EA379269}]

@="AVG Pup Exception Manager Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE78EA97-ED52-4F2D-9CC4-54C5EA379269}\InprocServer32]

@="C:\Program Files\Grisoft\AVG7\avgcfg.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE78EA97-ED52-4F2D-9CC4-54C5EA379269}\ProgID]

@="AVG.PupExcept.7"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE78EA97-ED52-4F2D-9CC4-54C5EA379269}\VersionIndependentProgID]

@="AVG.PupExcept"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D64A00ED-7309-4712-975D-627B7E497929}]

@="AVG Alert Manager Rule Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D64A00ED-7309-4712-975D-627B7E497929}\LocalServer32]

@=""C:\Program Files\Grisoft\AVG7\avgamsvr.exe""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D64A00ED-7309-4712-975D-627B7E497929}\ProgID]

@="AVG.AvgAmRule.7"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D64A00ED-7309-4712-975D-627B7E497929}\VersionIndependentProgID]

@="AVG.AvgAmRule"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D64A00EE-7309-4712-975D-627B7E497929}]

@="AVG Alert Manager Plugin Values Config Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D64A00EE-7309-4712-975D-627B7E497929}\LocalServer32]

@=""C:\Program Files\Grisoft\AVG7\avgamsvr.exe""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D64A00EE-7309-4712-975D-627B7E497929}\ProgID]

@="AVG.AvgAmAlertManagerPluginValuesConfig.7"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D64A00EE-7309-4712-975D-627B7E497929}\VersionIndependentProgID]

@="AVG.AvgAmAlertManagerPluginValuesConfig"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D9C027CF-DF75-4D2C-B763-AC1CA31C4AF8}]

@="Avg Alert Manager Internal Plugin Config Gui Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D9C027CF-DF75-4D2C-B763-AC1CA31C4AF8}\InprocServer32]

@="C:\Program Files\Grisoft\AVG7\avgamiui.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D9C027CF-DF75-4D2C-B763-AC1CA31C4AF8}\ProgID]

@="AVG.AvgAmInternalPluginConfigGui.7"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D9C027CF-DF75-4D2C-B763-AC1CA31C4AF8}\VersionIndependentProgID]

@="AVG.AvgAmInternalPluginConfigGui"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB81754D-CFEF-4323-BE7F-296D3FA3F162}]

@="AVG Alert Manager Internal Plugin Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB81754D-CFEF-4323-BE7F-296D3FA3F162}\InprocServer32]

@="C:\Program Files\Grisoft\AVG7\avgamint.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB81754D-CFEF-4323-BE7F-296D3FA3F162}\ProgID]

@="AMPInt.AvgAmInternalPlugin.7"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB81754D-CFEF-4323-BE7F-296D3FA3F162}\VersionIndependentProgID]

@="AMPInt.AvgAmInternalPlugin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F10B322D-D5EB-45B1-81C0-380EB462A462}]

@="AVG 7.0 Control Center Plugin Enumerator"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F10B322D-D5EB-45B1-81C0-380EB462A462}\{491A5624-1E72-4BD9-B454-299127582DA5}]

@="AVG 7.0 Control Center Scheduler Plugin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F10B322D-D5EB-45B1-81C0-380EB462A462}\{491A5625-1E72-4BD9-B454-299127582DA5}]

@="AVG 7.0 Control Center Resident Shield Plugin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F10B322D-D5EB-45B1-81C0-380EB462A462}\{491A5626-1E72-4BD9-B454-299127582DA5}]

@="AVG 7.0 Control Center Virus Vault Plugin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F10B322D-D5EB-45B1-81C0-380EB462A462}\{491A5627-1E72-4BD9-B454-299127582DA5}]

@="AVG 7.0 Control Center Update Manager Plugin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F10B322D-D5EB-45B1-81C0-380EB462A462}\{491A5628-1E72-4BD9-B454-299127582DA5}]

@="AVG 7.0 Control Center Virus Database Plugin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F10B322D-D5EB-45B1-81C0-380EB462A462}\{491A562A-1E72-4BD9-B454-299127582DA5}]

@="AVG 7.0 Control Center Shell Extension Plugin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F10B322D-D5EB-45B1-81C0-380EB462A462}\{491A562C-1E72-4BD9-B454-299127582DA5}]

@="AVG 7.0 Control Center Email Scanner Plugin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F82EDB94-BE85-42BE-9B70-EA5005AB5BAA}]

@="AvgUpdateService Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F82EDB94-BE85-42BE-9B70-EA5005AB5BAA}\LocalServer32]

@=""C:\Program Files\Grisoft\AVG7\avgupsvc.exe""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F82EDB94-BE85-42BE-9B70-EA5005AB5BAA}\ProgID]

@="AVG.UpdateService.7"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F82EDB94-BE85-42BE-9B70-EA5005AB5BAA}\VersionIndependentProgID]

@="AVG.UpdateService"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2133AA56-84E6-4df1-886D-2948783CF2B6}]

@="IAvgAmAlertManagerPluginValuesConfig"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3C9EFED0-8D1A-11D5-989F-0000E87B4FB1}]

@="IAvgEmailControl"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3C9EFED1-8D1A-11D5-989F-0000E87B4FB1}]

@="IAvgEmailServer"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3C9EFED2-8D1A-11D5-989F-0000E87B4FB1}]

@="IAvgEmailMonitor"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3C9EFED3-8D1A-11D5-989F-0000E87B4FB1}]

@="IAvgEmailServerPop3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3C9EFED4-8D1A-11D5-989F-0000E87B4FB1}]

@="IAvgEmailServerSmtp"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3C9EFED5-8D1A-11D5-989F-0000E87B4FB1}]

@="IAvgEmailControl2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3C9EFED6-8D1A-11D5-989F-0000E87B4FB1}]

@="IAvgServerMoreParams"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3C9EFED7-8D1A-11D5-989F-0000E87B4FB1}]

@="IAvgEmailControl3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{41564737-3200-1100-989B-0000E87B4FB1}]

@="IAvgUpdateManager"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{41564737-3200-1101-989B-0000E87B4FB1}]

@="IAvgCheckUpdateCallback"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{41564737-3200-1105-989B-0000E87B4FB1}]

@="IAvgProcessUpdateCallback"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{41564737-3200-1110-989B-0000E87B4FB1}]

@="IAvgUpdateManager2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{41564737-3200-1111-989B-0000E87B4FB1}]

@="IAvgUpdateManager3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{433352F2-1BAD-4D80-A26F-5A34F4A2D2A1}]

@="IAvgAmRule3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AA70B423-9C37-4793-9EB8-6292160324E8}]

@="IAvgAmRule2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CC8FF1FA-0040-4318-99EA-205DD4FD25C8}]

@="IAvgAmEnumAttributes"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CC8FF1FA-0040-4321-99EA-205DD4FD25C8}]

@="IAvgAmEnumBSTR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EC6BB3BB-5EE8-4046-8D20-1A6975C45141}]

@="IAvgAmEvent2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F7A533DB-676E-4cc2-9890-BD547A7CFD28}]

@="IAvgAmAlertManager2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\piffile\shellex\ContextMenuHandlers\AVG7 Shell Extension]

[HKEY_LOCAL_MACHINE\SOFTWARE\Grisoft\Avg7]

[HKEY_LOCAL_MACHINE\SOFTWARE\Grisoft\Avg7\AMPlugins\AvgAmInternal]

[HKEY_LOCAL_MACHINE\SOFTWARE\Grisoft\Avg7\config]

"dfncfg"="C:\Program Files\Grisoft\AVG7\dfncfgfr.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\Grisoft\Clients\{3C9EFEC2-8D1A-11D5-989F-0000E87B4FB1}]

@="@Avg_App_Mail"

[HKEY_LOCAL_MACHINE\SOFTWARE\Grisoft\Clients\{3C9EFEC2-8D1A-11D5-989F-0000E87B4FB1}]

"Config"="C:\PROGRA~1\Grisoft\AVG7\avgemsui.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Grisoft\Clients\{3C9EFEC2-8D1A-11D5-989F-0000E87B4FB1}]

"Log"="C:\Documents and Settings\All Users\Application Data\AVG7\Log"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\delavg7_en]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

"DllName"="avgssie.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG7Uninstall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AVGW.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AVGW.EXE]

@="C:\PROGRA~1\Grisoft\AVG7\avgw.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\Avg7Find]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\Avg7Find\0\DefaultIcon]

@="C:\Program Files\Grisoft\AVG7\avgse.dll,0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]

"Counter"="1 1847 2 System 4 Memory 6 % Processor Time 10 File Read Operations/sec 12 File Write Operations/sec 14 File Control Operations/sec 16 File Read Bytes/sec 18 File Write Bytes/sec 20 File Control Bytes/sec 24 Available Bytes 26 Committed Bytes 28 Page Faults/sec 30 Commit Limit 32 Write Copies/sec 34 Transition Faults/sec 36 Cache Faults/sec 38 Demand Zero Faults/sec 40 Pages/sec 42 Page Reads/sec 44 Processor Queue Length 46 Thread State 48 Pages Output/sec 50 Page Writes/sec 52 Browser 54 Announcements Server/sec 56 Pool Paged Bytes 58 Pool Nonpaged Bytes 60 Pool Paged Allocs 64 Pool Nonpaged Allocs 66 Pool Paged Resident Bytes 68 System Code Total Bytes 70 System Code Resident Bytes 72 System Driver Total Bytes 74 System Driver Resident Bytes 76 System Cache Resident Bytes 78 Announcements Domain/sec 80 Election Packets/sec 82 Mailslot Writes/sec 84 Server List Requests/sec 86 Cache 88 Data Maps/sec 90 Sync Data Maps/s

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]

"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the duration of the idle thread is active in the sample interval, and subtracting that time from interval duration. (Each processor has an idle thread tha

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVG7ALRT]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVG7ALRT\0000]

"Service"="Avg7Alrt"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVG7ALRT\0000]

"DeviceDesc"="AVG7 Alert Manager Server"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVG7CORE]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVG7CORE\0000]

"Service"="Avg7Core"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVG7CORE\0000]

"DeviceDesc"="AVG7 Kernel"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVG7CORE\0000\Control]

"ActiveService"="Avg7Core"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVG7RSW]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVG7RSW\0000]

"Service"="Avg7RsW"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVG7RSW\0000]

"DeviceDesc"="AVG7 Wrap Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVG7RSXP]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVG7RSXP\0000]

"Service"="Avg7RsXP"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVG7RSXP\0000]

"DeviceDesc"="AVG7 Resident Driver XP"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVG7UPDSVC]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVG7UPDSVC\0000]

"Service"="Avg7UpdSvc"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVG7UPDSVC\0000]

"DeviceDesc"="AVG7 Update Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGCLEAN]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGCLEAN\0000]

"Service"="AvgClean"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGCLEAN\0000]

"DeviceDesc"="AVG7 Clean Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGCLEAN\0000\Control]

"ActiveService"="AvgClean"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGEMS]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGEMS\0000]

"Service"="AVGEMS"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGEMS\0000]

"DeviceDesc"="AVG E-mail Scanner"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIO]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIO\0000]

"Service"="avgio"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIO\0000]

"DeviceDesc"="avgio"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGNTFLT]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGNTFLT\0000]

"Service"="avgntflt"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGNTFLT\0000]

"DeviceDesc"="avgntflt"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGTDI]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGTDI\0000]

"Service"="AvgTdi"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGTDI\0000]

"DeviceDesc"="AVG Network Redirector"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avg7Alrt]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avg7Alrt]

"ImagePath"="C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avg7Alrt]

"DisplayName"="AVG7 Alert Manager Server"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avg7Alrt\Enum]

"0"="Root\LEGACY_AVG7ALRT\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avg7Core]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avg7Core]

"ImagePath"="\SystemRoot\System32\Drivers\avg7core.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avg7Core]

"DisplayName"="AVG7 Kernel"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avg7Core]

"Group"="AVG"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avg7Core\Parameters]

"AvgDir"="C:\PROGRA~1\Grisoft\AVG7\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avg7Core\Parameters]

"TempDir"="C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft\Avg7Data\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avg7Core\Enum]

"0"="Root\LEGACY_AVG7CORE\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avg7RsW]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avg7RsW]

"ImagePath"="\SystemRoot\System32\Drivers\avg7rsw.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avg7RsW]

"DisplayName"="AVG7 Wrap Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avg7RsW]

"Group"="AVG"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avg7RsW\Enum]

"0"="Root\LEGACY_AVG7RSW\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avg7RsXP]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avg7RsXP]

"ImagePath"="\SystemRoot\System32\Drivers\avg7rsxp.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avg7RsXP]

"DisplayName"="AVG7 Resident Driver XP"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avg7RsXP]

"Group"="AVG"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avg7RsXP\Enum]

"0"="Root\LEGACY_AVG7RSXP\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avg7UpdSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avg7UpdSvc]

"ImagePath"="C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avg7UpdSvc]

"DisplayName"="AVG7 Update Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avg7UpdSvc\Enum]

"0"="Root\LEGACY_AVG7UPDSVC\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AvgClean]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AvgClean]

"ImagePath"="\SystemRoot\System32\Drivers\avgclean.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AvgClean]

"DisplayName"="AVG7 Clean Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AvgClean\Enum]

"0"="Root\LEGACY_AVGCLEAN\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AVGEMS]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AVGEMS]

"ImagePath"="C:\PROGRA~1\Grisoft\AVG7\avgemc.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AVGEMS]

"DisplayName"="AVG E-mail Scanner"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AVGEMS\Enum]

"0"="Root\LEGACY_AVGEMS\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AvgTdi]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AvgTdi]

"ImagePath"="\SystemRoot\System32\Drivers\avgtdi.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AvgTdi]

"DisplayName"="AVG Network Redirector"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AvgTdi\Enum]

"0"="Root\LEGACY_AVGTDI\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application]

"Sources"="WSH WMIAdapter WMI.NET Provider Extension WmdmPmSN WinMgmt Winlogon Windows Product Activation Windows 3.1 Migration WebClient VSS VBRuntime Userinit Userenv System.ServiceModel.Install 3.0.0.0 System.ServiceModel 3.0.0.0 System.Runtime.Serialization 3.0.0.0 System.IO.Log 3.0.0.0 System.IdentityModel 3.0.0.0 SysmonLog Starter sprtsvc_dellsupportcenter SpoolerCtrs Software Restriction Policies Software Installation ServiceModel Audit 3.0.0.0 SecurityCenter SclgNtfy SceSrv SceCli safrslv SAFrdms RPC Remote Assistance PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NDP1.1sp1-KB979906-X86 NDP1.1sp1-KB953297-X86 NDP1.1sp1-KB2572067-X86 NDP1.1sp1-KB2416447-X86 MSSQLSERVER/MSDE MSSOAP MSSHA MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft.Transactions.Bridge 3.0.0.0 Microsoft Office 12 Microsoft H.323 Telephony Service Provider Microsoft Fax Microsoft ® Visual C# 2005 Compiler McLogE

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\AVG7]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\AVG7]

"EventMessageFile"="C:\Program Files\Grisoft\AVG7\avglog.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\AVG7]

"CategoryMessageFile"="C:\Program Files\Grisoft\AVG7\avglog.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Avg7Alrt]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Avg7Alrt]

"EventMessageFile"="C:\PROGRA~1\Grisoft\AVG7\avgamint.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Avg7Alrt]

"CategoryMessageFile"="C:\PROGRA~1\Grisoft\AVG7\avgamint.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Avg7UpdSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Avg7UpdSvc]

"EventMessageFile"="C:\PROGRA~1\Grisoft\AVG7\avgupsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVG7ALRT]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVG7ALRT\0000]

"Service"="Avg7Alrt"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVG7ALRT\0000]

"DeviceDesc"="AVG7 Alert Manager Server"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVG7CORE]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVG7RSW]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVG7RSW\0000]

"Service"="Avg7RsW"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVG7RSW\0000]

"DeviceDesc"="AVG7 Wrap Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVG7RSXP]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVG7UPDSVC]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVG7UPDSVC\0000]

"Service"="Avg7UpdSvc"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVG7UPDSVC\0000]

"DeviceDesc"="AVG7 Update Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGCLEAN]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGEMS]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGEMS\0000]

"Service"="AVGEMS"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGEMS\0000]

"DeviceDesc"="AVG E-mail Scanner"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIO]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIO\0000]

"Service"="avgio"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIO\0000]

"DeviceDesc"="avgio"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGNTFLT]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGNTFLT\0000]

"Service"="avgntflt"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGNTFLT\0000]

"DeviceDesc"="avgntflt"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGTDI]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Avg7Alrt]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Avg7Alrt]

"ImagePath"="C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Avg7Alrt]

"DisplayName"="AVG7 Alert Manager Server"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Avg7Core]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Avg7Core]

"ImagePath"="\SystemRoot\System32\Drivers\avg7core.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Avg7Core]

"DisplayName"="AVG7 Kernel"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Avg7Core]

"Group"="AVG"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Avg7Core\Parameters]

"AvgDir"="C:\PROGRA~1\Grisoft\AVG7\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Avg7Core\Parameters]

"TempDir"="C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft\Avg7Data\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Avg7RsW]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Avg7RsW]

"ImagePath"="\SystemRoot\System32\Drivers\avg7rsw.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Avg7RsW]

"DisplayName"="AVG7 Wrap Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Avg7RsW]

"Group"="AVG"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Avg7RsXP]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Avg7RsXP]

"ImagePath"="\SystemRoot\System32\Drivers\avg7rsxp.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Avg7RsXP]

"DisplayName"="AVG7 Resident Driver XP"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Avg7RsXP]

"Group"="AVG"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Avg7UpdSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Avg7UpdSvc]

"ImagePath"="C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Avg7UpdSvc]

"DisplayName"="AVG7 Update Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\AvgClean]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\AvgClean]

"ImagePath"="\SystemRoot\System32\Drivers\avgclean.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\AvgClean]

"DisplayName"="AVG7 Clean Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\AVGEMS]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\AVGEMS]

"ImagePath"="C:\PROGRA~1\Grisoft\AVG7\avgemc.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\AVGEMS]

"DisplayName"="AVG E-mail Scanner"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\AvgTdi]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\AvgTdi]

"ImagePath"="\SystemRoot\System32\Drivers\avgtdi.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\AvgTdi]

"DisplayName"="AVG Network Redirector"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application]

"Sources"="WSH WMIAdapter WMI.NET Provider Extension WmdmPmSN WinMgmt Winlogon Windows Product Activation Windows 3.1 Migration WebClient VSS VBRuntime Userinit Userenv System.ServiceModel.Install 3.0.0.0 System.ServiceModel 3.0.0.0 System.Runtime.Serialization 3.0.0.0 System.IO.Log 3.0.0.0 System.IdentityModel 3.0.0.0 SysmonLog Starter sprtsvc_dellsupportcenter SpoolerCtrs Software Restriction Policies Software Installation ServiceModel Audit 3.0.0.0 SecurityCenter SclgNtfy SceSrv SceCli safrslv SAFrdms RPC Remote Assistance PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NDP1.1sp1-KB979906-X86 NDP1.1sp1-KB953297-X86 NDP1.1sp1-KB2572067-X86 NDP1.1sp1-KB2416447-X86 MSSQLSERVER/MSDE MSSOAP MSSHA MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft.Transactions.Bridge 3.0.0.0 Microsoft Office 12 Microsoft H.323 Telephony Service Provider Microsoft Fax Microsoft ® Visual C# 2005 Compiler McLogE

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\AVG7]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\AVG7]

"EventMessageFile"="C:\Program Files\Grisoft\AVG7\avglog.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\AVG7]

"CategoryMessageFile"="C:\Program Files\Grisoft\AVG7\avglog.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Avg7Alrt]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Avg7Alrt]

"EventMessageFile"="C:\PROGRA~1\Grisoft\AVG7\avgamint.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Avg7Alrt]

"CategoryMessageFile"="C:\PROGRA~1\Grisoft\AVG7\avgamint.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Avg7UpdSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Avg7UpdSvc]

"EventMessageFile"="C:\PROGRA~1\Grisoft\AVG7\avgupsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVG7ALRT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVG7ALRT\0000]

"Service"="Avg7Alrt"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVG7ALRT\0000]

"DeviceDesc"="AVG7 Alert Manager Server"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVG7CORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVG7CORE\0000]

"Service"="Avg7Core"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVG7CORE\0000]

"DeviceDesc"="AVG7 Kernel"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVG7CORE\0000\Control]

"ActiveService"="Avg7Core"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVG7RSW]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVG7RSW\0000]

"Service"="Avg7RsW"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVG7RSW\0000]

"DeviceDesc"="AVG7 Wrap Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVG7RSXP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVG7RSXP\0000]

"Service"="Avg7RsXP"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVG7RSXP\0000]

"DeviceDesc"="AVG7 Resident Driver XP"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVG7UPDSVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVG7UPDSVC\0000]

"Service"="Avg7UpdSvc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVG7UPDSVC\0000]

"DeviceDesc"="AVG7 Update Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGCLEAN]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGCLEAN\0000]

"Service"="AvgClean"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGCLEAN\0000]

"DeviceDesc"="AVG7 Clean Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGCLEAN\0000\Control]

"ActiveService"="AvgClean"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGEMS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGEMS\0000]

"Service"="AVGEMS"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGEMS\0000]

"DeviceDesc"="AVG E-mail Scanner"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIO]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIO\0000]

"Service"="avgio"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIO\0000]

"DeviceDesc"="avgio"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGNTFLT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGNTFLT\0000]

"Service"="avgntflt"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGNTFLT\0000]

"DeviceDesc"="avgntflt"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGTDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGTDI\0000]

"Service"="AvgTdi"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGTDI\0000]

"DeviceDesc"="AVG Network Redirector"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avg7Alrt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avg7Alrt]

"ImagePath"="C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avg7Alrt]

"DisplayName"="AVG7 Alert Manager Server"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avg7Alrt\Enum]

"0"="Root\LEGACY_AVG7ALRT\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avg7Core]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avg7Core]

"ImagePath"="\SystemRoot\System32\Drivers\avg7core.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avg7Core]

"DisplayName"="AVG7 Kernel"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avg7Core]

"Group"="AVG"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avg7Core\Parameters]

"AvgDir"="C:\PROGRA~1\Grisoft\AVG7\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avg7Core\Parameters]

"TempDir"="C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft\Avg7Data\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avg7Core\Enum]

"0"="Root\LEGACY_AVG7CORE\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avg7RsW]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avg7RsW]

"ImagePath"="\SystemRoot\System32\Drivers\avg7rsw.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avg7RsW]

"DisplayName"="AVG7 Wrap Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avg7RsW]

"Group"="AVG"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avg7RsW\Enum]

"0"="Root\LEGACY_AVG7RSW\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avg7RsXP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avg7RsXP]

"ImagePath"="\SystemRoot\System32\Drivers\avg7rsxp.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avg7RsXP]

"DisplayName"="AVG7 Resident Driver XP"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avg7RsXP]

"Group"="AVG"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avg7RsXP\Enum]

"0"="Root\LEGACY_AVG7RSXP\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avg7UpdSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avg7UpdSvc]

"ImagePath"="C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avg7UpdSvc]

"DisplayName"="AVG7 Update Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avg7UpdSvc\Enum]

"0"="Root\LEGACY_AVG7UPDSVC\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AvgClean]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AvgClean]

"ImagePath"="\SystemRoot\System32\Drivers\avgclean.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AvgClean]

"DisplayName"="AVG7 Clean Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AvgClean\Enum]

"0"="Root\LEGACY_AVGCLEAN\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AVGEMS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AVGEMS]

"ImagePath"="C:\PROGRA~1\Grisoft\AVG7\avgemc.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AVGEMS]

"DisplayName"="AVG E-mail Scanner"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AVGEMS\Enum]

"0"="Root\LEGACY_AVGEMS\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AvgTdi]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AvgTdi]

"ImagePath"="\SystemRoot\System32\Drivers\avgtdi.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AvgTdi]

"DisplayName"="AVG Network Redirector"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AvgTdi\Enum]

"0"="Root\LEGACY_AVGTDI\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application]

"Sources"="WSH WMIAdapter WMI.NET Provider Extension WmdmPmSN WinMgmt Winlogon Windows Product Activation Windows 3.1 Migration WebClient VSS VBRuntime Userinit Userenv System.ServiceModel.Install 3.0.0.0 System.ServiceModel 3.0.0.0 System.Runtime.Serialization 3.0.0.0 System.IO.Log 3.0.0.0 System.IdentityModel 3.0.0.0 SysmonLog Starter sprtsvc_dellsupportcenter SpoolerCtrs Software Restriction Policies Software Installation ServiceModel Audit 3.0.0.0 SecurityCenter SclgNtfy SceSrv SceCli safrslv SAFrdms RPC Remote Assistance PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NDP1.1sp1-KB979906-X86 NDP1.1sp1-KB953297-X86 NDP1.1sp1-KB2572067-X86 NDP1.1sp1-KB2416447-X86 MSSQLSERVER/MSDE MSSOAP MSSHA MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft.Transactions.Bridge 3.0.0.0 Microsoft Office 12 Microsoft H.323 Telephony Service Provider Microsoft Fax Microsoft ® Visual C# 2005 Compiler Mc

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\AVG7]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\AVG7]

"EventMessageFile"="C:\Program Files\Grisoft\AVG7\avglog.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\AVG7]

"CategoryMessageFile"="C:\Program Files\Grisoft\AVG7\avglog.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg7Alrt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg7Alrt]

"EventMessageFile"="C:\PROGRA~1\Grisoft\AVG7\avgamint.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg7Alrt]

"CategoryMessageFile"="C:\PROGRA~1\Grisoft\AVG7\avgamint.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg7UpdSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg7UpdSvc]

"EventMessageFile"="C:\PROGRA~1\Grisoft\AVG7\avgupsvc.dll"

[HKEY_USERS\.DEFAULT\Software\Grisoft\Avg7]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE"

[HKEY_USERS\S-1-5-19\Software\Grisoft\Avg7]

[HKEY_USERS\S-1-5-20\Software\Grisoft\Avg7]

[HKEY_USERS\S-1-5-21-2051622172-96914403-4112823165-1007\Software\Adobe\Acrobat Reader\7.0\AVGeneral]

[HKEY_USERS\S-1-5-21-2051622172-96914403-4112823165-1007\Software\Grisoft\Avg7]

[HKEY_USERS\S-1-5-21-2051622172-96914403-4112823165-1007\Software\Grisoft\Avg7\Config\AvgAPI]

[HKEY_USERS\S-1-5-21-2051622172-96914403-4112823165-1007\Software\Grisoft\Avg7\Config\AvgCC]

[HKEY_USERS\S-1-5-21-2051622172-96914403-4112823165-1007\Software\Grisoft\Avg7\Config\AvgFree]

[HKEY_USERS\S-1-5-21-2051622172-96914403-4112823165-1007\Software\Grisoft\Avg7\Config\AvgInet]

[HKEY_USERS\S-1-5-21-2051622172-96914403-4112823165-1007\Software\Grisoft\Avg7\Config\AvgUpgrader]

[HKEY_USERS\S-1-5-21-2051622172-96914403-4112823165-1007\Software\Grisoft\Avg7\Config\AvgVV]

[HKEY_USERS\S-1-5-21-2051622172-96914403-4112823165-1007\Software\Grisoft\Avg7\Config\upg]

"cfg.SetupFile"="C:\Documents and Settings\Joseph Andrew Fox\My Documents\Downloads\avg75487.exe"

[HKEY_USERS\S-1-5-21-2051622172-96914403-4112823165-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]

"b"="C:\Documents and Settings\Joseph Andrew Fox\Desktop\delavg7_en.exe"

[HKEY_USERS\S-1-5-21-2051622172-96914403-4112823165-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe]

"a"="C:\Documents and Settings\Joseph Andrew Fox\My Documents\Downloads\avg75487.exe"

[HKEY_USERS\S-1-5-21-2051622172-96914403-4112823165-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe]

"d"="C:\Documents and Settings\Joseph Andrew Fox\Desktop\7.5_519a_avg75free_519a1276.exe"

[HKEY_USERS\S-1-5-21-2051622172-96914403-4112823165-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe]

"h"="C:\Documents and Settings\Joseph Andrew Fox\Desktop\avg_remover_stf_x86_2012_1796.exe"

[HKEY_USERS\S-1-5-21-2051622172-96914403-4112823165-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe]

"j"="C:\Documents and Settings\Joseph Andrew Fox\Desktop\delavg7_en.exe"

[HKEY_USERS\S-1-5-21-2051622172-96914403-4112823165-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\AVG 7.5]

[HKEY_USERS\S-1-5-21-2051622172-96914403-4112823165-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache]

"C:\Documents and Settings\Joseph Andrew Fox\Desktop\delavg7_en.exe"="delavg7_en"

[HKEY_USERS\S-1-5-21-2051622172-96914403-4112823165-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache]

"C:\AVGTemp\delavg7_en\info.bat"="info"

[HKEY_USERS\S-1-5-21-2051622172-96914403-4112823165-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache]

"C:\Documents and Settings\Joseph Andrew Fox\Desktop\avg_remover_stf_x86_2012_1796.exe"="AVG Remover Utility"

[HKEY_USERS\S-1-5-18\Software\Grisoft\Avg7]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE"

========== filefind ==========

Searching for "AVG"

No files found.

========== folderfind ==========

Searching for "AVG"

No folders found.

-= EOF =-


I just ran Malwarebytes and it found a backdoor file in system 32. I deleted it. Here's the log:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8298

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

12/3/2011 11:37:11 AM

mbam-log-2011-12-03 (11-37-10).txt

Scan type: Full scan (C:\|)

Objects scanned: 349493

Time elapsed: 1 hour(s), 22 minute(s), 42 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\WINDOWS\system32\c_40324.nl_ (Backdoor.0Access) -> Quarantined and deleted successfully.


  • Staff

Hi,

I'm afraid I have bad news.

Your logs reveal a backdoor trojan. A backdoor severely compromises system integrity.

A compromised system may allow illicit network connections, disabling of security software, modifying critical system files and collection and transmission of personally identifiable information without your consent.

I recommend that you disconnect this PC from the Internet immediately, and only reconnect to download any tools that are required. If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. If it were on my PC I would not hesitate for a moment to do so. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

Should you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy.

Should you have any questions, please feel free to ask.

Let me know what you decide.


  • Staff

Hi,

I understand your frustration, but I think it's important that you understand the details of what's going on, so that's why I posted that above.

If you kept only documents and pictures on your external, it wouldn't be infected.

I highly recommend formatting to prevent any further damage. Is that something you can do?


  • Staff

Hi,

My apologies for the delay.

We can try cleaning until you have the means to format and reinstall Windows if you'd like.

Please visit this webpage for instructions for running ComboFix (delete all existing copies):

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


  • 2 weeks later...
  • 3 weeks later...

Okay so it wouldn't o had downloaded it I assumed it was crashing but it worked just now. It ran and it said it found a rootkit which it then killed? It said it had and then said it had to reboot so it did. It scanned all the way to the "completed stage 50" and started deleting files, which caused the BSOD with the cause of "Bad Pool Header".


  • 2 weeks later...
  • 3 weeks later...
  • Staff

I need you to respond more promptly. I'm not getting notified since you are taking weeks at a time.

Booting is turning on your computer and it getting to your Desktop. It appears as though that is the case.

Update MBAM, run a Quick Scan, and post its log.

Post a fresh DDS log.

Delete your copy of ComboFix. Grab a fresh copy and save it to your Desktop, but do not run it yet. Before you download it, rename it to sega.com

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Click Start --> Run, and enter this command exactly as shown:

"%userprofile%\desktop\sega.com" /killall

See if it will run successfully now. Stop it after half an hour of no activity.


  • 2 weeks later...

Malwarebytes Anti-Malware 1.60.0.1800

www.malwarebytes.org

Database version: v2011.12.24.05

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Joseph Andrew Fox :: LISAMARIE [administrator]

3/7/2012 3:30:43 PM

mbam-log-2012-03-07 (15-30-43).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 227975

Time elapsed: 6 minute(s), 15 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Joseph Andrew Fox at 15:38:15 on 2012-03-07

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.222 [GMT -8:00]

.

AV: AVG 7.5.560 *Enabled/Outdated* {41564737-3200-1071-989B-0000E87B4FB1}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\FsUsbExService.Exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\stsystra.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Dell Support\DSAgnt.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\program files\valve\steam\steam.exe

C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\iTunes\iTunes.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe

C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbam.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2737658

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - c:\program files\freeonlineradioplayerrecorder\prxtbFre0.dll

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL

BHO: Window Shopper: {74f475fa-6c75-43bd-aab9-ecda6184f600} - c:\program files\superfish\window shopper\SuperfishIEAddon.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll

BHO: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - c:\program files\freeonlineradioplayerrecorder\prxtbFre0.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - c:\program files\freeonlineradioplayerrecorder\prxtbFre0.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File

uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [steam] "c:\program files\valve\steam\steam.exe" -silent

uRun: [AutoStartNPSAgent] c:\program files\samsung\samsung new pc studio\NPSAgent.exe

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe

mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay

mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe

mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"

mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\malwarebytes' anti-malware\mbamgui.exe /install /silent

dRun: [AVG7_Run] c:\progra~1\grisoft\avg7\avgw.exe /RUNONCE

StartupFolder: c:\docume~1\joseph~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\driver~1.lnk - c:\documents and settings\joseph andrew fox\my documents\downloads\DriverPerformer_V15.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL

IE: {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - c:\program files\superfish\window shopper\SuperfishIEAddon.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} - hxxp://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {D9CDEFE3-51BB-4737-A12C-53D9814A148C} - hxxps://2007webmail.chw.edu/OWA/MWScripts/AttachView/1.5/DAX.cab

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{59511AB0-B3C2-4EBE-9DD4-772ED6F9EBAA} : DhcpNameServer = 75.75.75.75 75.75.76.76

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\joseph andrew fox\application data\mozilla\firefox\profiles\uy4qk0fq.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2737658&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - FreeOnlineRadioPlayerRecorder Customized Web Search

FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2737658&SearchSource=2&q=

FF - prefs.js: network.proxy.type - 4

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\documents and settings\joseph andrew fox\application data\mozilla\firefox\profiles\uy4qk0fq.default\extensions\{f999a48b-1950-4d81-9971-79018f807b4b}\plugins\np-mswmp.dll

FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

============= SERVICES / DRIVERS ===============

.

R1 Avg7Core;AVG7 Kernel;c:\windows\system32\drivers\avg7core.sys [2011-9-19 821856]

R1 AvgClean;AVG7 Clean Driver;c:\windows\system32\drivers\avgclean.sys [2011-9-19 10760]

R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2011-10-22 238952]

R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2011-5-22 36608]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-3-7 40776]

S1 Avg7RsW;AVG7 Wrap Driver;c:\windows\system32\drivers\avg7rsw.sys [2011-9-19 4224]

S1 Avg7RsXP;AVG7 Resident Driver XP;c:\windows\system32\drivers\avg7rsxp.sys [2011-9-19 27776]

S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.sys [?]

S2 Avg7Alrt;AVG7 Alert Manager Server;c:\progra~1\grisoft\avg7\avgamsvr.exe --> c:\progra~1\grisoft\avg7\avgamsvr.exe [?]

S2 Avg7UpdSvc;AVG7 Update Service;c:\progra~1\grisoft\avg7\avgupsvc.exe --> c:\progra~1\grisoft\avg7\avgupsvc.exe [?]

S2 AVGEMS;AVG E-mail Scanner;c:\progra~1\grisoft\avg7\avgemc.exe --> c:\progra~1\grisoft\avg7\avgemc.exe [?]

S2 AvgTdi;AVG Network Redirector;c:\windows\system32\drivers\avgtdi.sys --> c:\windows\system32\drivers\avgtdi.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\googleupdate.exe /svc --> c:\program files\google\update\GoogleUpdate.exe [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\googleupdate.exe /medsvc --> c:\program files\google\update\GoogleUpdate.exe [?]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\drivers\sscebus.sys [2011-5-22 98560]

S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\drivers\sscemdfl.sys [2011-5-22 14848]

S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\drivers\sscemdm.sys [2011-5-22 123648]

.

=============== Created Last 30 ================

.

2012-03-07 23:30:28 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-02-18 01:12:24 3072 ------w- c:\windows\system32\iacenc.dll

2012-02-18 01:12:24 3072 ------w- c:\windows\system32\dllcache\iacenc.dll

.

==================== Find3M ====================

.

2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys

2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll

2011-12-17 19:46:36 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-12-17 19:46:36 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-12-16 12:22:58 385024 ----a-w- c:\windows\system32\html.iec

2011-12-10 23:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2007-08-08 03:16:19 3261688 -c--a-w- c:\program files\Steam.dll

2007-08-08 03:16:19 1039192 -c--a-w- c:\program files\dbghelp.dll

.

============= FINISH: 15:39:09.19 ===============


So I tried to run combofix, which it did, but it didn't produce a log. It got all the way to where it said it was preparing one, only to stay frozen there for hours. And I do mean hours. It said it found rootkit, and I assume had deleted it since it had gotten all the way through to the "preparing log" phase. Is there a special place where the log is kept? Maybe it had produced one that I am not aware of. In any case, I ran it twice in safe mode with the same results, and once in regular mode.

On a side note, a "status" window continues to pop up with a disk and pc logo, telling me "The feature you are trying to use is on a network resource that is unavailable. Click OK to try again, or enter an alternate path folder containing the installation package 'status.msi' in the box below." Where it gives me a selection to "use source" : C:\DOCUME~1\LISAFO~1\LOCALS~1\Temp\7zS56C4\setup\Status\

Any idea what this is?

Thanks again for being so patient and helping me. I really do appreciate it.


  • 1 month later...
  • Staff

Joe,

I apologize for the delay. I thought I replied to this a week and a half ago!

See if this file exists: C:\Combofix.txt or C:\log.txt; if so, post it.

Please update MBAM, run a Quick Scan, and post its log.

Your antivirus is ancient.

Please uninstall it. Reboot. Download and install Microsoft Security Essentials.

Reboot.

Run a Full Scan with it and see if anything was detected.


  • 1 month later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
