Tuesday, December 21, 2010

Antivirus 2010 RTK Removal Guide
Antivirus 2010 RTK is a fake antivirus and a dangerous program that installs a rootkit and trojans on the computer in order to hijack important information stored on it. After it is installed, Antivirus 2010 RTK installs other trojans on the computer, which makes it very hard to remove. It also scares the user with false reports that many files on the computer are infected by trojans and malware, and it urges the user to purchase the registered version of Antivirus 2010 RTK. Antivirus 2010 RTK CANNOT detect malware, trojans or viruses; it only brings more harm to the computer.

Antivirus 2010 RTK can be removed by first stopping these processes: wingamma.exe, the svchost.exe located in c:\Program Files\AV2010 (not the genuine Windows svchost.exe in system32), AV2010.exe and [random.exe]. Delete the files after stopping the processes. Then remove all the related files and registry entries as shown in the removal guide below.

Antivirus 2010 RTK should be removed immediately!


Antivirus 2010 RTK Removal Guide
Kill Process
(How to kill a process effectively?)
wingamma.exe
c:\Program Files\AV2010\svchost.exe
AV2010.exe

Unregister DLL files
c:\WINDOWS\system32\IEDefender.dll
c:\WINDOWS\system32\mswmqnei.dll

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Windows Gamma Display"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0013
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC8A493F-D236-4653-9A03-2BF4FD94F643}
HKEY_CLASSES_ROOT\TypeLib\{705FD64B-2B7B-4856-9337-44CA1DA86849}
HKEY_CLASSES_ROOT\Interface\{7BC7565C-5062-43CE-8797-DC2C271140A9}
HKEY_CLASSES_ROOT\IEDefender.IEDefenderBHO.1
HKEY_CLASSES_ROOT\IEDefender.IEDefenderBHO
HKEY_CLASSES_ROOT\CLSID\{FC8A493F-D236-4653-9A03-2BF4FD94F643}
HKEY_CLASSES_ROOT\AppID\IEDefender.DLL
HKEY_CLASSES_ROOT\AppID\{3C40236D-990B-443C-90E8-B1C07BCD4A68}
HKEY_CURRENT_USER\Software\AV2010
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\userinit
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DFBCFDBA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9CB00F85-D96F-1C82-F5A4-A31D57D6528D}
HKEY_CLASSES_ROOT\Interface\{35c95ec8-f789-9a3a-375c-bdb89a3684fd}

Remove Folders and Files
c:\Documents and Settings\All Users\Start Menu\Programs\AV2010
c:\Documents and Settings\All Users\Desktop\AV2010.lnk
c:\WINDOWS\system32\wingamma.exe
c:\WINDOWS\system32\IEDefender.dll
c:\Program Files\AV2010
c:\WINDOWS\system32\drivers\vbma22b4.sys
c:\WINDOWS\system32\mswmqnei.dll
c:\Documents and Settings\All Users\Application Data\.wtav
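
Before deleting anything, it helps to confirm which of the listed artifacts are actually on the machine. The PowerShell sweep below is an added example, not part of the original guide; it only reads and reports, covers the autostart-related registry entries rather than the full registry list, and its variable names are its own.

```powershell
# Read-only sweep: reports which artifacts named in the guide are present.
# Nothing is stopped or deleted. Variable names are this example's own.
# Get-WmiObject keeps it usable on Windows PowerShell 2.0 through 5.1
# (on PowerShell 7, use Get-CimInstance instead).

# svchost.exe is matched by full path only: the genuine Windows svchost.exe
# runs from system32 and must be left alone.
$rogueSvchost = 'c:\Program Files\AV2010\svchost.exe'
$rogueNames   = 'wingamma.exe', 'AV2010.exe'

$files = @(
    'c:\Documents and Settings\All Users\Start Menu\Programs\AV2010',
    'c:\Documents and Settings\All Users\Desktop\AV2010.lnk',
    'c:\WINDOWS\system32\wingamma.exe',
    'c:\WINDOWS\system32\IEDefender.dll',
    'c:\Program Files\AV2010',
    'c:\WINDOWS\system32\drivers\vbma22b4.sys',
    'c:\WINDOWS\system32\mswmqnei.dll',
    'c:\Documents and Settings\All Users\Application Data\.wtav'
)

# Autostart-related keys from the guide's registry list (not the full list).
$keys = @(
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC8A493F-D236-4653-9A03-2BF4FD94F643}',
    'Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\userinit',
    'Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DFBCFDBA',
    'Registry::HKEY_CURRENT_USER\Software\AV2010'
)
$runKey  = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$runName = 'Windows Gamma Display'

# Running processes: match the two unique names, or the rogue svchost path.
$found = @(Get-WmiObject Win32_Process | Where-Object {
    ($rogueNames -contains $_.Name) -or ($_.ExecutablePath -eq $rogueSvchost)
} | ForEach-Object { "process PID $($_.ProcessId): $($_.ExecutablePath)" })

# Files, folders and registry keys: Test-Path handles both providers.
$found += @(($files + $keys) | Where-Object { Test-Path -LiteralPath $_ })

# The Run entry is a value under the Run key, not a key of its own.
$runValue = (Get-ItemProperty -LiteralPath $runKey -ErrorAction SilentlyContinue).$runName
if ($runValue) { $found += "Run value '$runName' = $runValue" }

if ($found.Count -gt 0) {
    $found | ForEach-Object { "PRESENT  $_" }
} else {
    'None of the checked artifacts were found.'
}
```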
