Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

(again) My comp is freaking out.

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: (again) My comp is freaking out.

Unread postby Bob4 » January 14th, 2009, 7:41 am

_____________________________
Download and Save Blacklight to your desktop:

  • Doubleclick on FSBL.exe.
  • Accept the agreement
  • Click on Scan.
  • Once the Scan is Finished, click on Next.
  • Click on Exit.
    A new document will be produced on the desktop.
    called fsbl 2009**********
    and a host of numbers.
    Open this document with Notepad.
  • Copy and Paste its contents your next reply.


__________________________
Download but DO NOT install yet.

Avira AntiVir Personal Edition Classic
We don't wan tto add to our problems. :x

______________________________
Download and install CCleaner from here


If you use either the Firefox/ Mozilla browsers, the box to uncheck for Cookies (using ccleaner) is on the Applications tab, under Firefox/Mozilla.
Image
  • Set Cookie Retention.
    Click on the Options block on the left, then choose Cookies.
    Under the Cookies to delete pane, highlight any cookies you would like to retain permanently (those companies or sites with which you regularly visit or do business), and click the right arrow > to move them to the Cookies to keep pane.

    Now run the program by clicking on Run Cleaner

    ( Do not use the Registry function to clean anything with this program. Having anything auto clean your registry is risky).


__________________________
Next...

With Ccleaner open.
click on
tools >> Uninstall>> highlight AVAST
Then click on Run uninstaller.

See if that does any better.

If that works go ahead and install
Avira AntiVir Personal Edition Classic now.

You can stop here if it worked.


____________________________

If not let's remove it manually and get you a different AV program.


__________________________________________
Download and Run Registry Search
Download (LINK >>>) Registry Search (<<< LINK) to your desktop.
  • Right click on the compressed RegSearch folder, and choose "Extract All". In the box that pops open, click "Next", then "Next" again, and then "Finish". You now have another RegSearch folder on your desktop.
  • Open the new folder, and double click on regsearch.exe
  • In the top window copy/paste the following line
      Avast
  • Click OK and Registry Search will scan your registry for the file(s), and a Notepad box will open with a report.
  • Please save the text file at you desktop and call it found-entries.
Paste the results in your reply

If you don't provide this I will asume you had gotten Avast to uninstall. :D




_________________________
In your next reply I would like to see:
  • A new HJT log
  • The report from Blacklight
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6070
Joined: November 12th, 2005, 11:26 am
Location: Florida
Advertisement
Register to Remove

Re: (again) My comp is freaking out.

Unread postby Kosheen » January 16th, 2009, 7:33 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:28:17 AM, on 1/16/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\sstray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Full Tilt Poker\FullTiltPoker.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://worldofwarcraft.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4874 bytes

========================

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0

; Results at 1/16/2009 3:16:54 AM for strings:
; 'avast'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SOFTWARE\ALWIL Software\Avast]

[HKEY_LOCAL_MACHINE\SOFTWARE\ALWIL Software\Avast\4.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\ALWIL Software\Avast\4.0]
"Avast4DataFolder"="C:\\Program Files\\Alwil Software\\Avast4\\DATA"
"Avast4SkinFolder"="C:\\Program Files\\Alwil Software\\Avast4\\DATA\\Skin"
"Avast4ProgramFolder"="C:\\Program Files\\Alwil Software\\Avast4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\avast]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.aswcs]
"Content Type"="application/avast-aswcs"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.asws]
"Content Type"="application/avast-asws"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\aswcsfile]
@="avast! Compressed Skin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\aswcsfile\shell\open\command]
@="\"C:\\Program Files\\Alwil Software\\Avast4\\ashSimpl.exe\" \"%1\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\aswsfile]
@="avast! Skin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\aswsfile\shell\open\command]
@="\"C:\\Program Files\\Alwil Software\\Avast4\\ashSimpl.exe\" \"%1\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\avast]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\avast\ShellEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\avast\ShellEx\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
@="avast"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}\InProcServer32]
@="C:\\Program Files\\Alwil Software\\Avast4\\ashShell.dll"
"ReleaseName"="C:\\Program Files\\Alwil Software\\Avast4\\ashShell.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\avast]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange\Client\Extensions]
"avast! 4"="4.0;C:\\Program Files\\Alwil Software\\Avast4\\ashOutXt.dll;1;10000111111000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\avast!]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ashAvast.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ashAvast.exe]
"Path"="C:\\Program Files\\Alwil Software\\Avast4"
@="C:\\Program Files\\Alwil Software\\Avast4\\ashAvast.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avast-2007.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avast-2007.com\www]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avast-downloads.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avast-downloads.com\www]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avast-hq.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avast-hq.com\www]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-avast.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-avast.com\www]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-software-center.com\avast]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-software-center.com\www.avast]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\telecharger-avast.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\telecharger-avast.com\www]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{472083B0-C522-11CF-8763-00608CC02F24}"="avast"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\avast!]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\avast!]
"DisplayName"="avast! Antivirus"
"HelpLink"="http://www.avast.com"
"UrlInfoAbout"="http://www.avast.com"
"UrlUpdateInfo"="http://www.avast.com"
"InstallLocation"="C:\\PROGRA~1\\ALWILS~1\\Avast4"
"InstallSource"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\setup"
"DisplayIcon"="C:\\Program Files\\Alwil Software\\Avast4\\ashAvast.exe"
"UninstallString"="C:\\Program Files\\Alwil Software\\Avast4\\aswRunDll.exe \"C:\\Program Files\\Alwil Software\\Avast4\\Setup\\setiface.dll\",RunSetup"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\VirtualDeviceDrivers]
; Contents of value:
; C:\Program Files\Alwil Software\Avast4\aswMonVd.dll
;
"VDD"=hex(7):43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,00,\
46,00,69,00,6c,00,65,00,73,00,5c,00,41,00,6c,00,77,00,69,00,6c,00,20,00,53,\
00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,5c,00,41,00,76,00,61,00,73,00,\
74,00,34,00,5c,00,61,00,73,00,77,00,4d,00,6f,00,6e,00,56,00,64,00,2e,00,64,\
00,6c,00,6c,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AAVMKER4\0000]
"DeviceDesc"="avast! Asynchronous Virus Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ASWMON2\0000]
"DeviceDesc"="avast! Standard Shield Support"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ASWSP\0000]
"DeviceDesc"="avast! Self Protection"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ASWTDI\0000]
"DeviceDesc"="avast! Network Shield Support"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ASWUPDSV\0000]
"DeviceDesc"="avast! iAVS4 Control Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVAST!_ANTIVIRUS]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVAST!_ANTIVIRUS\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVAST!_ANTIVIRUS\0000]
"Service"="avast! Antivirus"
"DeviceDesc"="avast! Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVAST!_ANTIVIRUS\0000\Control]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVAST!_ANTIVIRUS\0000\Control]
"ActiveService"="avast! Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVAST!_MAIL_SCANNER]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVAST!_MAIL_SCANNER\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVAST!_MAIL_SCANNER\0000]
"Service"="avast! Mail Scanner"
"DeviceDesc"="avast! Mail Scanner"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVAST!_WEB_SCANNER]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVAST!_WEB_SCANNER\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVAST!_WEB_SCANNER\0000]
"Service"="avast! Web Scanner"
"DeviceDesc"="avast! Web Scanner"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Aavmker4]
"DisplayName"="avast! Asynchronous Virus Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\aswFsBlk]
"Description"="avast! mini-filter driver (aswFsBlk)"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\aswMon2]
"DisplayName"="avast! Standard Shield Support"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\aswMon2\Parameters]
"ProgramFolder"="\\Device\\HarddiskVolume1\\Program Files\\Alwil Software\\Avast4"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\aswSP]
"DisplayName"="avast! Self Protection"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\aswSP\Parameters]
"ProgramFolder"="\\Device\\HarddiskVolume1\\Program Files\\Alwil Software\\Avast4"
"ProgramFolder2"="\\DosDevices\\C:\\Program Files\\Alwil Software\\Avast4"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\aswTdi]
"DisplayName"="avast! Network Shield Support"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\aswUpdSv]
; Contents of value:
; "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
"ImagePath"=hex(2):22,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,\
6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,41,00,6c,00,77,00,69,00,6c,\
00,20,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,5c,00,41,00,76,00,\
61,00,73,00,74,00,34,00,5c,00,61,00,73,00,77,00,55,00,70,00,64,00,53,00,76,\
00,2e,00,65,00,78,00,65,00,22,00,00,00
"DisplayName"="avast! iAVS4 Control Service"
"Description"="Provides automatic updating for the avast! antivirus."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\avast! Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\avast! Antivirus]
; Contents of value:
; "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
"ImagePath"=hex(2):22,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,\
6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,41,00,6c,00,77,00,69,00,6c,\
00,20,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,5c,00,41,00,76,00,\
61,00,73,00,74,00,34,00,5c,00,61,00,73,00,68,00,53,00,65,00,72,00,76,00,2e,\
00,65,00,78,00,65,00,22,00,00,00
"DisplayName"="avast! Antivirus"
"Description"="Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\avast! Antivirus\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\avast! Antivirus\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\avast! Antivirus\Enum]
"0"="Root\\LEGACY_AVAST!_ANTIVIRUS\\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\avast! Mail Scanner]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\avast! Mail Scanner]
; Contents of value:
; "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
"ImagePath"=hex(2):22,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,\
6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,41,00,6c,00,77,00,69,00,6c,\
00,20,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,5c,00,41,00,76,00,\
61,00,73,00,74,00,34,00,5c,00,61,00,73,00,68,00,4d,00,61,00,69,00,53,00,76,\
00,2e,00,65,00,78,00,65,00,22,00,20,00,2f,00,73,00,65,00,72,00,76,00,69,00,\
63,00,65,00,00,00
"DisplayName"="avast! Mail Scanner"
; Contents of value:
; avast! Antivirus
;
"DependOnService"=hex(7):61,00,76,00,61,00,73,00,74,00,21,00,20,00,41,00,6e,00,\
74,00,69,00,76,00,69,00,72,00,75,00,73,00,00,00,00,00
"Description"="Implements mail scanning for avast! antivirus."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\avast! Mail Scanner\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\avast! Mail Scanner\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\avast! Mail Scanner\Enum]
"0"="Root\\LEGACY_AVAST!_MAIL_SCANNER\\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\avast! Web Scanner]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\avast! Web Scanner]
; Contents of value:
; "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
"ImagePath"=hex(2):22,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,\
6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,41,00,6c,00,77,00,69,00,6c,\
00,20,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,5c,00,41,00,76,00,\
61,00,73,00,74,00,34,00,5c,00,61,00,73,00,68,00,57,00,65,00,62,00,53,00,76,\
00,2e,00,65,00,78,00,65,00,22,00,20,00,2f,00,73,00,65,00,72,00,76,00,69,00,\
63,00,65,00,00,00
"DisplayName"="avast! Web Scanner"
; Contents of value:
; avast! Antivirus
;
"DependOnService"=hex(7):61,00,76,00,61,00,73,00,74,00,21,00,20,00,41,00,6e,00,\
74,00,69,00,76,00,69,00,72,00,75,00,73,00,00,00,00,00
"Description"="Implements web (HTTP) scanning for avast! antivirus."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\avast! Web Scanner\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\avast! Web Scanner\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\avast! Web Scanner\Enum]
"0"="Root\\LEGACY_AVAST!_WEB_SCANNER\\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Antivirus]
; Contents of value:
; avast!
; Antivirus
;
"Sources"=hex(7):61,00,76,00,61,00,73,00,74,00,21,00,00,00,41,00,6e,00,74,00,\
69,00,76,00,69,00,72,00,75,00,73,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Antivirus\avast!]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Antivirus\avast!]
"CategoryMessageFile"="C:\\Program Files\\Alwil Software\\Avast4\\aswRes.dll"
"EventMessageFile"="C:\\Program Files\\Alwil Software\\Avast4\\aswRes.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\VirtualDeviceDrivers]
; Contents of value:
; C:\Program Files\Alwil Software\Avast4\aswMonVd.dll
;
"VDD"=hex(7):43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,00,\
46,00,69,00,6c,00,65,00,73,00,5c,00,41,00,6c,00,77,00,69,00,6c,00,20,00,53,\
00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,5c,00,41,00,76,00,61,00,73,00,\
74,00,34,00,5c,00,61,00,73,00,77,00,4d,00,6f,00,6e,00,56,00,64,00,2e,00,64,\
00,6c,00,6c,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AAVMKER4\0000]
"DeviceDesc"="avast! Asynchronous Virus Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ASWMON2\0000]
"DeviceDesc"="avast! Standard Shield Support"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ASWSP\0000]
"DeviceDesc"="avast! Self Protection"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ASWTDI\0000]
"DeviceDesc"="avast! Network Shield Support"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ASWUPDSV\0000]
"DeviceDesc"="avast! iAVS4 Control Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVAST!_ANTIVIRUS]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVAST!_ANTIVIRUS\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVAST!_ANTIVIRUS\0000]
"Service"="avast! Antivirus"
"DeviceDesc"="avast! Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVAST!_MAIL_SCANNER]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVAST!_MAIL_SCANNER\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVAST!_MAIL_SCANNER\0000]
"Service"="avast! Mail Scanner"
"DeviceDesc"="avast! Mail Scanner"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVAST!_WEB_SCANNER]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVAST!_WEB_SCANNER\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVAST!_WEB_SCANNER\0000]
"Service"="avast! Web Scanner"
"DeviceDesc"="avast! Web Scanner"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Aavmker4]
"DisplayName"="avast! Asynchronous Virus Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\aswFsBlk]
"Description"="avast! mini-filter driver (aswFsBlk)"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\aswMon2]
"DisplayName"="avast! Standard Shield Support"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\aswMon2\Parameters]
"ProgramFolder"="\\Device\\HarddiskVolume1\\Program Files\\Alwil Software\\Avast4"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\aswSP]
"DisplayName"="avast! Self Protection"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\aswSP\Parameters]
"ProgramFolder"="\\Device\\HarddiskVolume1\\Program Files\\Alwil Software\\Avast4"
"ProgramFolder2"="\\DosDevices\\C:\\Program Files\\Alwil Software\\Avast4"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\aswTdi]
"DisplayName"="avast! Network Shield Support"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\aswUpdSv]
; Contents of value:
; "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
"ImagePath"=hex(2):22,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,\
6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,41,00,6c,00,77,00,69,00,6c,\
00,20,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,5c,00,41,00,76,00,\
61,00,73,00,74,00,34,00,5c,00,61,00,73,00,77,00,55,00,70,00,64,00,53,00,76,\
00,2e,00,65,00,78,00,65,00,22,00,00,00
"DisplayName"="avast! iAVS4 Control Service"
"Description"="Provides automatic updating for the avast! antivirus."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\avast! Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\avast! Antivirus]
; Contents of value:
; "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
"ImagePath"=hex(2):22,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,\
6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,41,00,6c,00,77,00,69,00,6c,\
00,20,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,5c,00,41,00,76,00,\
61,00,73,00,74,00,34,00,5c,00,61,00,73,00,68,00,53,00,65,00,72,00,76,00,2e,\
00,65,00,78,00,65,00,22,00,00,00
"DisplayName"="avast! Antivirus"
"Description"="Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\avast! Antivirus\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\avast! Mail Scanner]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\avast! Mail Scanner]
; Contents of value:
; "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
"ImagePath"=hex(2):22,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,\
6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,41,00,6c,00,77,00,69,00,6c,\
00,20,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,5c,00,41,00,76,00,\
61,00,73,00,74,00,34,00,5c,00,61,00,73,00,68,00,4d,00,61,00,69,00,53,00,76,\
00,2e,00,65,00,78,00,65,00,22,00,20,00,2f,00,73,00,65,00,72,00,76,00,69,00,\
63,00,65,00,00,00
"DisplayName"="avast! Mail Scanner"
; Contents of value:
; avast! Antivirus
;
"DependOnService"=hex(7):61,00,76,00,61,00,73,00,74,00,21,00,20,00,41,00,6e,00,\
74,00,69,00,76,00,69,00,72,00,75,00,73,00,00,00,00,00
"Description"="Implements mail scanning for avast! antivirus."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\avast! Mail Scanner\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\avast! Web Scanner]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\avast! Web Scanner]
; Contents of value:
; "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
"ImagePath"=hex(2):22,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,\
6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,41,00,6c,00,77,00,69,00,6c,\
00,20,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,5c,00,41,00,76,00,\
61,00,73,00,74,00,34,00,5c,00,61,00,73,00,68,00,57,00,65,00,62,00,53,00,76,\
00,2e,00,65,00,78,00,65,00,22,00,20,00,2f,00,73,00,65,00,72,00,76,00,69,00,\
63,00,65,00,00,00
"DisplayName"="avast! Web Scanner"
; Contents of value:
; avast! Antivirus
;
"DependOnService"=hex(7):61,00,76,00,61,00,73,00,74,00,21,00,20,00,41,00,6e,00,\
74,00,69,00,76,00,69,00,72,00,75,00,73,00,00,00,00,00
"Description"="Implements web (HTTP) scanning for avast! antivirus."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\avast! Web Scanner\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Antivirus]
; Contents of value:
; avast!
; Antivirus
;
"Sources"=hex(7):61,00,76,00,61,00,73,00,74,00,21,00,00,00,41,00,6e,00,74,00,\
69,00,76,00,69,00,72,00,75,00,73,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Antivirus\avast!]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Antivirus\avast!]
"CategoryMessageFile"="C:\\Program Files\\Alwil Software\\Avast4\\aswRes.dll"
"EventMessageFile"="C:\\Program Files\\Alwil Software\\Avast4\\aswRes.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers]
; Contents of value:
; C:\Program Files\Alwil Software\Avast4\aswMonVd.dll
;
"VDD"=hex(7):43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,00,\
46,00,69,00,6c,00,65,00,73,00,5c,00,41,00,6c,00,77,00,69,00,6c,00,20,00,53,\
00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,5c,00,41,00,76,00,61,00,73,00,\
74,00,34,00,5c,00,61,00,73,00,77,00,4d,00,6f,00,6e,00,56,00,64,00,2e,00,64,\
00,6c,00,6c,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AAVMKER4\0000]
"DeviceDesc"="avast! Asynchronous Virus Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMON2\0000]
"DeviceDesc"="avast! Standard Shield Support"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWSP\0000]
"DeviceDesc"="avast! Self Protection"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWTDI\0000]
"DeviceDesc"="avast! Network Shield Support"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWUPDSV\0000]
"DeviceDesc"="avast! iAVS4 Control Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVAST!_ANTIVIRUS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVAST!_ANTIVIRUS\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVAST!_ANTIVIRUS\0000]
"Service"="avast! Antivirus"
"DeviceDesc"="avast! Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVAST!_ANTIVIRUS\0000\Control]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVAST!_ANTIVIRUS\0000\Control]
"ActiveService"="avast! Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVAST!_MAIL_SCANNER]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVAST!_MAIL_SCANNER\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVAST!_MAIL_SCANNER\0000]
"Service"="avast! Mail Scanner"
"DeviceDesc"="avast! Mail Scanner"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVAST!_WEB_SCANNER]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVAST!_WEB_SCANNER\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVAST!_WEB_SCANNER\0000]
"Service"="avast! Web Scanner"
"DeviceDesc"="avast! Web Scanner"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Aavmker4]
"DisplayName"="avast! Asynchronous Virus Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aswFsBlk]
"Description"="avast! mini-filter driver (aswFsBlk)"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aswMon2]
"DisplayName"="avast! Standard Shield Support"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aswMon2\Parameters]
"ProgramFolder"="\\Device\\HarddiskVolume1\\Program Files\\Alwil Software\\Avast4"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aswSP]
"DisplayName"="avast! Self Protection"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aswSP\Parameters]
"ProgramFolder"="\\Device\\HarddiskVolume1\\Program Files\\Alwil Software\\Avast4"
"ProgramFolder2"="\\DosDevices\\C:\\Program Files\\Alwil Software\\Avast4"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aswTdi]
"DisplayName"="avast! Network Shield Support"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aswUpdSv]
; Contents of value:
; "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
"ImagePath"=hex(2):22,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,\
6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,41,00,6c,00,77,00,69,00,6c,\
00,20,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,5c,00,41,00,76,00,\
61,00,73,00,74,00,34,00,5c,00,61,00,73,00,77,00,55,00,70,00,64,00,53,00,76,\
00,2e,00,65,00,78,00,65,00,22,00,00,00
"DisplayName"="avast! iAVS4 Control Service"
"Description"="Provides automatic updating for the avast! antivirus."

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avast! Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avast! Antivirus]
; Contents of value:
; "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
"ImagePath"=hex(2):22,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,\
6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,41,00,6c,00,77,00,69,00,6c,\
00,20,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,5c,00,41,00,76,00,\
61,00,73,00,74,00,34,00,5c,00,61,00,73,00,68,00,53,00,65,00,72,00,76,00,2e,\
00,65,00,78,00,65,00,22,00,00,00
"DisplayName"="avast! Antivirus"
"Description"="Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler."

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avast! Antivirus\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avast! Antivirus\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avast! Antivirus\Enum]
"0"="Root\\LEGACY_AVAST!_ANTIVIRUS\\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avast! Mail Scanner]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avast! Mail Scanner]
; Contents of value:
; "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
"ImagePath"=hex(2):22,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,\
6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,41,00,6c,00,77,00,69,00,6c,\
00,20,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,5c,00,41,00,76,00,\
61,00,73,00,74,00,34,00,5c,00,61,00,73,00,68,00,4d,00,61,00,69,00,53,00,76,\
00,2e,00,65,00,78,00,65,00,22,00,20,00,2f,00,73,00,65,00,72,00,76,00,69,00,\
63,00,65,00,00,00
"DisplayName"="avast! Mail Scanner"
; Contents of value:
; avast! Antivirus
;
"DependOnService"=hex(7):61,00,76,00,61,00,73,00,74,00,21,00,20,00,41,00,6e,00,\
74,00,69,00,76,00,69,00,72,00,75,00,73,00,00,00,00,00
"Description"="Implements mail scanning for avast! antivirus."

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avast! Mail Scanner\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avast! Mail Scanner\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avast! Mail Scanner\Enum]
"0"="Root\\LEGACY_AVAST!_MAIL_SCANNER\\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avast! Web Scanner]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avast! Web Scanner]
; Contents of value:
; "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
"ImagePath"=hex(2):22,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,\
6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,41,00,6c,00,77,00,69,00,6c,\
00,20,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,5c,00,41,00,76,00,\
61,00,73,00,74,00,34,00,5c,00,61,00,73,00,68,00,57,00,65,00,62,00,53,00,76,\
00,2e,00,65,00,78,00,65,00,22,00,20,00,2f,00,73,00,65,00,72,00,76,00,69,00,\
63,00,65,00,00,00
"DisplayName"="avast! Web Scanner"
; Contents of value:
; avast! Antivirus
;
"DependOnService"=hex(7):61,00,76,00,61,00,73,00,74,00,21,00,20,00,41,00,6e,00,\
74,00,69,00,76,00,69,00,72,00,75,00,73,00,00,00,00,00
"Description"="Implements web (HTTP) scanning for avast! antivirus."

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avast! Web Scanner\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avast! Web Scanner\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avast! Web Scanner\Enum]
"0"="Root\\LEGACY_AVAST!_WEB_SCANNER\\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Antivirus]
; Contents of value:
; avast!
; Antivirus
;
"Sources"=hex(7):61,00,76,00,61,00,73,00,74,00,21,00,00,00,41,00,6e,00,74,00,\
69,00,76,00,69,00,72,00,75,00,73,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Antivirus\avast!]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Antivirus\avast!]
"CategoryMessageFile"="C:\\Program Files\\Alwil Software\\Avast4\\aswRes.dll"
"EventMessageFile"="C:\\Program Files\\Alwil Software\\Avast4\\aswRes.dll"

[HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\Avast]

[HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\Avast]
@="avast! antivirus"

[HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\Avast\Automatic VPS update]

[HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\Avast\Automatic VPS update\.Current]

[HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\Avast\Automatic VPS update\.Current]
@="C:\\Program Files\\Alwil Software\\Avast4\\English\\vpsupd.wav"

[HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\Avast\Automatic VPS update\.Modified]

[HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\Avast\Automatic VPS update\.Modified]
@="C:\\Program Files\\Alwil Software\\Avast4\\English\\vpsupd.wav"

[HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\Avast\Detection of suspicious message]

[HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\Avast\Detection of suspicious message\.Current]

[HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\Avast\Detection of suspicious message\.Current]
@="C:\\Program Files\\Alwil Software\\Avast4\\English\\suspic.wav"

[HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\Avast\Detection of suspicious message\.Modified]

[HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\Avast\Detection of suspicious message\.Modified]
@="C:\\Program Files\\Alwil Software\\Avast4\\English\\suspic.wav"

[HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\Avast\Mouse over the simple user interface button]

[HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\Avast\Mouse over the simple user interface button\.Current]

[HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\Avast\Mouse over the simple user interface button\.Current]
@="C:\\Program Files\\Alwil Software\\Avast4\\English\\hover.wav"

[HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\Avast\Mouse over the simple user interface button\.Modified]

[HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\Avast\Mouse over the simple user interface button\.Modified]
@="C:\\Program Files\\Alwil Software\\Avast4\\English\\hover.wav"

[HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\Avast\Other malware found]

[HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\Avast\Other malware found\.Current]

[HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\Avast\Other malware found\.Current]
@="C:\\Program Files\\Alwil Software\\Avast4\\English\\malfound.wav"

[HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\Avast\Other malware found\.Modified]

[HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\Avast\Other malware found\.Modified]
@="C:\\Program Files\\Alwil Software\\Avast4\\English\\malfound.wav"

[HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\Avast\Program end]

[HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\Avast\Program end\.Current]

[HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\Avast\Program end\.Modified]

[HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\Avast\Program start]

[HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\Avast\Program start\.Current]

[HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\Avast\Program start\.Modified]

[HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\Avast\Simple user interface button pressed]

[HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\Avast\Simple user interface button pressed\.Current]

[HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\Avast\Simple user interface button pressed\.Current]
@="C:\\Program Files\\Alwil Software\\Avast4\\English\\press.wav"

[HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\Avast\Simple user interface button pressed\.Modified]

[HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\Avast\Simple user interface button pressed\.Modified]
@="C:\\Program Files\\Alwil Software\\Avast4\\English\\press.wav"

[HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\Avast\Task done]

[HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\Avast\Task done\.Current]

[HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\Avast\Task done\.Current]
@="C:\\Program Files\\Alwil Software\\Avast4\\English\\ready.wav"

[HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\Avast\Task done\.Modified]

[HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\Avast\Task done\.Modified]
@="C:\\Program Files\\Alwil Software\\Avast4\\English\\ready.wav"

[HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\Avast\Virus found]

[HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\Avast\Virus found\.Current]

[HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\Avast\Virus found\.Current]
@="C:\\Program Files\\Alwil Software\\Avast4\\English\\virfound.wav"

[HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\Avast\Virus found\.Modified]

[HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\Avast\Virus found\.Modified]
@="C:\\Program Files\\Alwil Software\\Avast4\\English\\virfound.wav"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avast-2007.com]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avast-2007.com\www]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avast-downloads.com]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avast-downloads.com\www]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avast-hq.com]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avast-hq.com\www]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-avast.com]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-avast.com\www]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-software-center.com\avast]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-software-center.com\www.avast]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\telecharger-avast.com]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\telecharger-avast.com\www]

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\AppEvents\Schemes\Apps\Avast]

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\AppEvents\Schemes\Apps\Avast]
@="avast! antivirus"

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\AppEvents\Schemes\Apps\Avast\Automatic VPS update]

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\AppEvents\Schemes\Apps\Avast\Automatic VPS update\.Current]

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\AppEvents\Schemes\Apps\Avast\Automatic VPS update\.Current]
@="C:\\Program Files\\Alwil Software\\Avast4\\English\\vpsupd.wav"

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\AppEvents\Schemes\Apps\Avast\Automatic VPS update\.Modified]

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\AppEvents\Schemes\Apps\Avast\Automatic VPS update\.Modified]
@="C:\\Program Files\\Alwil Software\\Avast4\\English\\vpsupd.wav"

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\AppEvents\Schemes\Apps\Avast\Detection of suspicious message]

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\AppEvents\Schemes\Apps\Avast\Detection of suspicious message\.Current]

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\AppEvents\Schemes\Apps\Avast\Detection of suspicious message\.Current]
@="C:\\Program Files\\Alwil Software\\Avast4\\English\\suspic.wav"

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\AppEvents\Schemes\Apps\Avast\Detection of suspicious message\.Modified]

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\AppEvents\Schemes\Apps\Avast\Detection of suspicious message\.Modified]
@="C:\\Program Files\\Alwil Software\\Avast4\\English\\suspic.wav"

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\AppEvents\Schemes\Apps\Avast\Mouse over the simple user interface button]

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\AppEvents\Schemes\Apps\Avast\Mouse over the simple user interface button\.Current]

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\AppEvents\Schemes\Apps\Avast\Mouse over the simple user interface button\.Current]
@="C:\\Program Files\\Alwil Software\\Avast4\\English\\hover.wav"

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\AppEvents\Schemes\Apps\Avast\Mouse over the simple user interface button\.Modified]

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\AppEvents\Schemes\Apps\Avast\Mouse over the simple user interface button\.Modified]
@="C:\\Program Files\\Alwil Software\\Avast4\\English\\hover.wav"

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\AppEvents\Schemes\Apps\Avast\Other malware found]

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\AppEvents\Schemes\Apps\Avast\Other malware found\.Current]

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\AppEvents\Schemes\Apps\Avast\Other malware found\.Current]
@="C:\\Program Files\\Alwil Software\\Avast4\\English\\malfound.wav"

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\AppEvents\Schemes\Apps\Avast\Other malware found\.Modified]

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\AppEvents\Schemes\Apps\Avast\Other malware found\.Modified]
@="C:\\Program Files\\Alwil Software\\Avast4\\English\\malfound.wav"

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\AppEvents\Schemes\Apps\Avast\Program end]

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\AppEvents\Schemes\Apps\Avast\Program end\.Current]

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\AppEvents\Schemes\Apps\Avast\Program end\.Modified]

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\AppEvents\Schemes\Apps\Avast\Program start]

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\AppEvents\Schemes\Apps\Avast\Program start\.Current]

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\AppEvents\Schemes\Apps\Avast\Program start\.Modified]

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\AppEvents\Schemes\Apps\Avast\Simple user interface button pressed]

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\AppEvents\Schemes\Apps\Avast\Simple user interface button pressed\.Current]

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\AppEvents\Schemes\Apps\Avast\Simple user interface button pressed\.Current]
@="C:\\Program Files\\Alwil Software\\Avast4\\English\\press.wav"

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\AppEvents\Schemes\Apps\Avast\Simple user interface button pressed\.Modified]

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\AppEvents\Schemes\Apps\Avast\Simple user interface button pressed\.Modified]
@="C:\\Program Files\\Alwil Software\\Avast4\\English\\press.wav"

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\AppEvents\Schemes\Apps\Avast\Task done]

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\AppEvents\Schemes\Apps\Avast\Task done\.Current]

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\AppEvents\Schemes\Apps\Avast\Task done\.Current]
@="C:\\Program Files\\Alwil Software\\Avast4\\English\\ready.wav"

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\AppEvents\Schemes\Apps\Avast\Task done\.Modified]

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\AppEvents\Schemes\Apps\Avast\Task done\.Modified]
@="C:\\Program Files\\Alwil Software\\Avast4\\English\\ready.wav"

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\AppEvents\Schemes\Apps\Avast\Virus found]

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\AppEvents\Schemes\Apps\Avast\Virus found\.Current]

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\AppEvents\Schemes\Apps\Avast\Virus found\.Current]
@="C:\\Program Files\\Alwil Software\\Avast4\\English\\virfound.wav"

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\AppEvents\Schemes\Apps\Avast\Virus found\.Modified]

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\AppEvents\Schemes\Apps\Avast\Virus found\.Modified]
@="C:\\Program Files\\Alwil Software\\Avast4\\English\\virfound.wav"

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\Software\ALWIL Software\Avast]

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\Software\ALWIL Software\Avast\4.0]

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\Software\ALWIL Software\Avast\4.0\ashAvast]

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\Software\ALWIL Software\Avast\4.0\ashAvast\splash]

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\Software\ALWIL Software\Avast\4.0\ashChest]

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\Software\ALWIL Software\Avast\4.0\ashChest\ChestFileList]

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\Software\ALWIL Software\Avast\4.0\ashChest\Settings]

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\Software\ALWIL Software\Avast\4.0\ashSimpl]

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\Software\ALWIL Software\Avast\4.0\ashSimpl\Settings]

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\Software\ALWIL Software\Avast\4.0\ashUInt]

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\Software\ALWIL Software\Avast\4.0\ashUInt\Settings]

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\Software\BillP Studios\Detected\ActiveTasks]
"C:\\PROGRAM FILES\\ALWIL SOFTWARE\\Avast4\\aswUpdSv.exe"="11/05/2008 2:54 AM"
"C:\\PROGRAM FILES\\ALWIL SOFTWARE\\Avast4\\ashServ.exe"="11/05/2008 2:54 AM"
"C:\\Program Files\\Alwil Software\\Avast4\\ashDisp.exe"="11/05/2008 2:54 AM"
"C:\\PROGRAM FILES\\ALWIL SOFTWARE\\Avast4\\ashMaiSv.exe"="11/05/2008 2:54 AM"
"C:\\PROGRAM FILES\\ALWIL SOFTWARE\\Avast4\\ashWebSv.exe"="11/05/2008 2:54 AM"
"C:\\PROGRAM FILES\\ALWIL SOFTWARE\\Avast4\\ashSimpl.exe"="11/05/2008 3:39 AM"
"C:\\PROGRAM FILES\\ALWIL SOFTWARE\\Avast4\\Setup\\AVAST.SETUP"="11/05/2008 11:48 AM"
"C:\\PROGRAM FILES\\ALWIL SOFTWARE\\Avast4\\ashAvast.exe"="01/12/2009 10:01 PM"

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\Software\BillP Studios\Detected\Services]
"C:\\Program Files\\Alwil Software\\Avast4\\aswUpdSv.exe"="11/05/2008 2:54 AM"
"C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe"="11/05/2008 2:54 AM"
"C:\\PROGRAM FILES\\ALWIL SOFTWARE\\AVAST4\\ASHMAISV.EXE"="11/13/2008 1:59 AM"
"C:\\PROGRAM FILES\\ALWIL SOFTWARE\\AVAST4\\ASHWEBSV.EXE"="11/13/2008 1:59 AM"

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\Software\BillP Studios\Detected\Startup]
"C:\\Program Files\\Alwil Software\\Avast4\\ashDisp.exe"="11/05/2008 2:54 AM"

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\Software\BillP Studios\WinPatrol\Run]
"C:\\Program Files\\Alwil Software\\Avast4\\ashDisp.exe"="1"

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\Software\BillP Studios\WinPatrol\Services]
"avast! iAVS4 Control Service"="700"
"avast! Antivirus"="700"
"avast! Mail Scanner"="700"
"avast! Web Scanner"="700"

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\avast! Antivirus]

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avast-2007.com]

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avast-2007.com\www]

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avast-downloads.com]

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avast-downloads.com\www]

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avast-hq.com]

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avast-hq.com\www]

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-avast.com]

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-avast.com\www]

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-software-center.com\avast]

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-software-center.com\www.avast]

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\telecharger-avast.com]

[HKEY_USERS\S-1-5-21-1123561945-1177238915-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\telecharger-avast.com\www]

[HKEY_USERS\S-1-5-18\AppEvents\Schemes\Apps\Avast]

[HKEY_USERS\S-1-5-18\AppEvents\Schemes\Apps\Avast]
@="avast! antivirus"

[HKEY_USERS\S-1-5-18\AppEvents\Schemes\Apps\Avast\Automatic VPS update]

[HKEY_USERS\S-1-5-18\AppEvents\Schemes\Apps\Avast\Automatic VPS update\.Current]

[HKEY_USERS\S-1-5-18\AppEvents\Schemes\Apps\Avast\Automatic VPS update\.Current]
@="C:\\Program Files\\Alwil Software\\Avast4\\English\\vpsupd.wav"

[HKEY_USERS\S-1-5-18\AppEvents\Schemes\Apps\Avast\Automatic VPS update\.Modified]

[HKEY_USERS\S-1-5-18\AppEvents\Schemes\Apps\Avast\Automatic VPS update\.Modified]
@="C:\\Program Files\\Alwil Software\\Avast4\\English\\vpsupd.wav"

[HKEY_USERS\S-1-5-18\AppEvents\Schemes\Apps\Avast\Detection of suspicious message]

[HKEY_USERS\S-1-5-18\AppEvents\Schemes\Apps\Avast\Detection of suspicious message\.Current]

[HKEY_USERS\S-1-5-18\AppEvents\Schemes\Apps\Avast\Detection of suspicious message\.Current]
@="C:\\Program Files\\Alwil Software\\Avast4\\English\\suspic.wav"

[HKEY_USERS\S-1-5-18\AppEvents\Schemes\Apps\Avast\Detection of suspicious message\.Modified]

[HKEY_USERS\S-1-5-18\AppEvents\Schemes\Apps\Avast\Detection of suspicious message\.Modified]
@="C:\\Program Files\\Alwil Software\\Avast4\\English\\suspic.wav"

[HKEY_USERS\S-1-5-18\AppEvents\Schemes\Apps\Avast\Mouse over the simple user interface button]

[HKEY_USERS\S-1-5-18\AppEvents\Schemes\Apps\Avast\Mouse over the simple user interface button\.Current]

[HKEY_USERS\S-1-5-18\AppEvents\Schemes\Apps\Avast\Mouse over the simple user interface button\.Current]
@="C:\\Program Files\\Alwil Software\\Avast4\\English\\hover.wav"

[HKEY_USERS\S-1-5-18\AppEvents\Schemes\Apps\Avast\Mouse over the simple user interface button\.Modified]

[HKEY_USERS\S-1-5-18\AppEvents\Schemes\Apps\Avast\Mouse over the simple user interface button\.Modified]
@="C:\\Program Files\\Alwil Software\\Avast4\\English\\hover.wav"

[HKEY_USERS\S-1-5-18\AppEvents\Schemes\Apps\Avast\Other malware found]

[HKEY_USERS\S-1-5-18\AppEvents\Schemes\Apps\Avast\Other malware found\.Current]

[HKEY_USERS\S-1-5-18\AppEvents\Schemes\Apps\Avast\Other malware found\.Current]
@="C:\\Program Files\\Alwil Software\\Avast4\\English\\malfound.wav"

[HKEY_USERS\S-1-5-18\AppEvents\Schemes\Apps\Avast\Other malware found\.Modified]

[HKEY_USERS\S-1-5-18\AppEvents\Schemes\Apps\Avast\Other malware found\.Modified]
@="C:\\Program Files\\Alwil Software\\Avast4\\English\\malfound.wav"

[HKEY_USERS\S-1-5-18\AppEvents\Schemes\Apps\Avast\Program end]

[HKEY_USERS\S-1-5-18\AppEvents\Schemes\Apps\Avast\Program end\.Current]

[HKEY_USERS\S-1-5-18\AppEvents\Schemes\Apps\Avast\Program end\.Modified]

[HKEY_USERS\S-1-5-18\AppEvents\Schemes\Apps\Avast\Program start]

[HKEY_USERS\S-1-5-18\AppEvents\Schemes\Apps\Avast\Program start\.Current]

[HKEY_USERS\S-1-5-18\AppEvents\Schemes\Apps\Avast\Program start\.Modified]

[HKEY_USERS\S-1-5-18\AppEvents\Schemes\Apps\Avast\Simple user interface button pressed]

[HKEY_USERS\S-1-5-18\AppEvents\Schemes\Apps\Avast\Simple user interface button pressed\.Current]

[HKEY_USERS\S-1-5-18\AppEvents\Schemes\Apps\Avast\Simple user interface button pressed\.Current]
@="C:\\Program Files\\Alwil Software\\Avast4\\English\\press.wav"

[HKEY_USERS\S-1-5-18\AppEvents\Schemes\Apps\Avast\Simple user interface button pressed\.Modified]

[HKEY_USERS\S-1-5-18\AppEvents\Schemes\Apps\Avast\Simple user interface button pressed\.Modified]
@="C:\\Program Files\\Alwil Software\\Avast4\\English\\press.wav"

[HKEY_USERS\S-1-5-18\AppEvents\Schemes\Apps\Avast\Task done]

[HKEY_USERS\S-1-5-18\AppEvents\Schemes\Apps\Avast\Task done\.Current]

[HKEY_USERS\S-1-5-18\AppEvents\Schemes\Apps\Avast\Task done\.Current]
@="C:\\Program Files\\Alwil Software\\Avast4\\English\\ready.wav"

[HKEY_USERS\S-1-5-18\AppEvents\Schemes\Apps\Avast\Task done\.Modified]

[HKEY_USERS\S-1-5-18\AppEvents\Schemes\Apps\Avast\Task done\.Modified]
@="C:\\Program Files\\Alwil Software\\Avast4\\English\\ready.wav"

[HKEY_USERS\S-1-5-18\AppEvents\Schemes\Apps\Avast\Virus found]

[HKEY_USERS\S-1-5-18\AppEvents\Schemes\Apps\Avast\Virus found\.Current]

[HKEY_USERS\S-1-5-18\AppEvents\Schemes\Apps\Avast\Virus found\.Current]
@="C:\\Program Files\\Alwil Software\\Avast4\\English\\virfound.wav"

[HKEY_USERS\S-1-5-18\AppEvents\Schemes\Apps\Avast\Virus found\.Modified]

[HKEY_USERS\S-1-5-18\AppEvents\Schemes\Apps\Avast\Virus found\.Modified]
@="C:\\Program Files\\Alwil Software\\Avast4\\English\\virfound.wav"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avast-2007.com]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avast-2007.com\www]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avast-downloads.com]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avast-downloads.com\www]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avast-hq.com]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avast-hq.com\www]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-avast.com]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-avast.com\www]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-software-center.com\avast]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-software-center.com\www.avast]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\telecharger-avast.com]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\telecharger-avast.com\www]

; End Of The Log...

=====================

01/16/09 02:59:09 [Info]: BlackLight Engine 1.0.70 initialized
01/16/09 02:59:10 [Info]: OS: 5.1 build 2600 (Service Pack 2)
01/16/09 02:59:10 [Note]: 7019 4
01/16/09 02:59:10 [Note]: 7005 0
01/16/09 02:59:12 [Note]: 7006 0
01/16/09 02:59:12 [Note]: 7011 1548
01/16/09 02:59:12 [Note]: 7035 0
01/16/09 02:59:12 [Note]: 7026 0
01/16/09 02:59:12 [Note]: 7026 0
01/16/09 02:59:15 [Note]: FSRAW library version 1.7.1024
01/16/09 03:05:52 [Note]: 7007 0


Obviously no luck on Avast. :( Hope I got everything correct. Talk to you soon. And as always Thank You Again! :D
Kosheen
Regular Member
 
Posts: 20
Joined: October 20th, 2008, 10:06 am

Re: (again) My comp is freaking out.

Unread postby Bob4 » January 16th, 2009, 4:51 pm

1. Download aswclear.exe to your desktop.

2. Disconnect from the internet
Easiest = pull the plug that connects you to the internet weather it be to your modem or router.
OR
Go to control panel>network connections> right click on your connection and choose
disable.


3. Start Windows in Safe Mode
4.Open (execute) the uninstall utility on your desktop
5. Click REMOVE
6. Restart your computer
7. Install the new anti virus program
8. Reconnect to the internet

If this doesn't remove it I am ready with a manual uninstall. But this looks as if it should work.

Post a new HJT log and let me know how that went.
Also let me know how everything else seems to be running.
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6070
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: (again) My comp is freaking out.

Unread postby Kosheen » January 18th, 2009, 4:23 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:18:30 PM, on 1/18/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avwsc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://worldofwarcraft.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4824 bytes

Everything else seems to be running smoothly. Websites are back to normal and my comp isn't freezing or restarting on its own. :D As I'm sure you can see I got the Avast out and the Avira in! Thank you oodles for this.

Once I get paid this week I do plan on donating some money! You guys rock and save people a ton of headache and money! Hopefully everything is wrapping up cause I've been a bit busy and feel bad for responding so late. Can't say Thank You enough!
Kosheen
Regular Member
 
Posts: 20
Joined: October 20th, 2008, 10:06 am

Re: (again) My comp is freaking out.

Unread postby Bob4 » January 18th, 2009, 4:57 pm

Great news ! Image

Your log now appears to be clean.

Lets do a few things to tidy up.
Please do these in the order I suggest!


You may delelte the following from the desktop

Blacklight
Reg search.zip
aswclear.exe
S&D fix.exe




___________________________________
The following will implement some cleanup procedures for the tool we used as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u







_______________________________________
A few things to help with possible threats

These are optional . But will help protect you further.
and
Some of these you may already have.





________________________________________
Windows Updates
Be certain automatic updates is turned on for XP. - For Vista Or if you like to do it manually be sure to visit http://update.microsoft.com/ regularly. This requires internet explorer to do so.

This will ensure your computer has always the latest security updates available installed on your computer.
If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
___________________________________

SpywareBlaster

Install SpywareBlaster

SpywareBlaster will add a large list of programs and sites to your Browser settings that will protect you from accidentally running or downloading known malicious programs.
After the installation, click Download Latest Protection Updates. When it finishes, click Enable All Protection.


______________________________
SiteHound

http://www.firetrust.com/firetrustsitehound.html

This tool bar will help protect you from.

Over 4,000 fake bank and credit sites.
Tens of thousands of pornographic
and adult sites.
The never ending fake phishing sites.
Malicious sites, which can infect you
with spyware and adware if you visit
them.
Sites to download software which
may infect your computer with
spyware, a virus or adware


___________________________________
Download and Install a HOSTS File

Download HostsXpert and unzip it to your computer, somewhere where you can find it.
  • Run HostsXpert
  • If Hosts file is Read Only, click on Make Writeable, otherwise move on to next stage.
  • Click Download button.
  • Click MVPs Hosts
  • Click Merge File
  • Press OK to download latest MVPs update and merge it with your Hosts.
  • When finished click File Handling
  • Click Make Read Only to secure your Hosts file.
  • Exit HostsXpert.


___________________________________
Make your Internet Explorer more secure
1. From within Internet Explorer click on the Tools menu and then click on Options.
2. Click on the Security tab
3. Click the Internet icon so it becomes highlighted.
4. Click on Default Level and click Ok
5. Click on the Custom Level button.

Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt

When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.

6. Next press the Apply button and then the OK to exit the Internet Properties page.



_______________________________________
So many people are point and click crazy either because there naive or their in a rush.

Always watch closely to any software your installing.
If they want to install something more than their program stop right there and investigate what it is they want to place on your computer.
If they give you the option not to install it choose that until you investigate it completely.
The more you install that you don't want or need the more you'll wish you didn't.





Here's a site with great advise on how to AVOID malware. Much easier to do than removing it.



Safe and Happy Surfing. :) And thanks for the donation. :D
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6070
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: (again) My comp is freaking out.

Unread postby Gary R » January 20th, 2009, 5:00 pm

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21872
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 55 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware