I recently re-installed Windows Vista Basic (32-bit) on my laptop, as I was no longer able to use my AVG anti-virus program. I suspected that this was caused by a virus, which prevented the AVG icon from appearing in the task bar and also prevented me from starting up the AVG program.
There are 2 issues that I would be grateful for your help with.
Issue 1) After re-installing Windows, I installed AVG anti-virus free edition 2012 as my anti-virus program. When I run the AVG virus scan, I see the message:
"Object name";"C:\Windows\security\database\tmp.edb"
"Detection name";"Corrupted executable file"
"Object type";"file"
"SDK Type";"Core"
"Result";"Potentially dangerous object"
Please can you advise on what I should do about this message?
Issue 2) I do not know if this issue is related to issue 1 described above or not, but after re-installing Windows, I noticed that Windows Defender is turned off every time I re-start Windows, even if I turned it on manually previously. I sometimes get an icon in my task bar telling me that Windows Defender is turned off, which prompts me to manually turn it on. However, I do not always see this icon.
Apart from running OTL, I have not run any other programs / diagnostic tests. Please see below for the output from OTL:
OTL logfile created on: 22/09/2011 21:37:06 - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Andrew\Downloads\Downloaded Program Files
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1013.31 Mb Total Physical Memory | 138.40 Mb Available Physical Memory | 13.66% Memory free
2.24 Gb Paging File | 0.97 Gb Available in Paging File | 43.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146.00 Gb Total Space | 113.73 Gb Free Space | 77.90% Space Free | Partition Type: NTFS
Computer Name: ANDREW-PC | User Name: Andrew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/09/22 11:09:32 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Andrew\Downloads\Downloaded Program Files\OTL.exe
PRC - [2011/09/20 23:12:46 | 000,246,600 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
PRC - [2011/09/20 23:12:45 | 000,218,440 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2011/09/09 17:43:18 | 001,220,960 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/09/08 06:46:00 | 002,401,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/09/01 06:16:22 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/12 06:10:32 | 000,973,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/05/20 12:53:02 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2008/02/22 17:01:38 | 001,193,240 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2008/01/21 03:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/05/09 17:01:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
========== Modules (No Company Name) ==========
MOD - [2011/09/22 08:22:18 | 011,804,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5aa9131000876de66160ff713b543d99\System.Web.ni.dll
MOD - [2011/09/22 08:21:59 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a6d889aa69fd51c100352f23c7cebd22\System.Runtime.Remoting.ni.dll
MOD - [2011/09/22 00:37:03 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b9ea0d414c4861120bfb7365d8ec0939\System.ni.dll
MOD - [2011/09/22 00:36:48 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll
MOD - [2011/09/20 23:12:45 | 001,451,336 | ---- | M] () -- C:\Program Files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
MOD - [2011/09/20 23:12:45 | 000,218,440 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2007/12/08 14:34:10 | 000,054,784 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll
========== Win32 Services (SafeList) ==========
SRV - [2011/09/20 23:12:46 | 000,246,600 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/09/01 06:16:22 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2008/01/21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:02 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:02 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/07/11 01:14:00 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:13:58 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/07/11 01:13:46 | 000,229,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/07/11 01:13:42 | 000,032,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2009/06/25 16:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/25 16:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/25 16:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/10/10 17:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/06/06 23:21:32 | 000,111,616 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2007/03/05 10:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0F F4 03 CB 66 79 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/09/20 23:13:14 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B3FF6B7-6489-4D9B-9169-2887B5E905E0}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{44B1FE1F-3876-403A-9990-0A16BCC15EC2}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{585152f3-e30c-11e0-9a20-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{585152f3-e30c-11e0-9a20-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autoRcd.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/09/22 08:57:40 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/09/22 00:11:08 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2011/09/22 00:02:50 | 000,000,000 | ---D | C] -- C:\BB50DA297C1A8E9E6FA16B8B
[2011/09/22 00:02:50 | 000,000,000 | ---D | C] -- C:\5BA561DF1F55695DB93AC74C
[2011/09/22 00:02:50 | 000,000,000 | ---D | C] -- C:\3D7B26FCDBBA78ADB16A0B1119DA
[2011/09/21 23:41:54 | 000,000,000 | ---D | C] -- C:\EE758773168B43F2908A075EB9584E
[2011/09/21 23:02:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/09/21 22:31:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2011/09/21 22:31:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2011/09/21 22:31:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2011/09/21 22:18:41 | 000,000,000 | ---D | C] -- C:\30DE4CC51C0DAF5B15
[2011/09/21 22:03:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/09/21 09:02:35 | 000,044,544 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rimsptsk.sys
[2011/09/21 09:02:35 | 000,038,400 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rixdptsk.sys
[2011/09/21 09:02:34 | 000,048,128 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rimmptsk.sys
[2011/09/21 09:02:32 | 000,172,032 | ---- | C] (Ricoh Company,Ltd) -- C:\Windows\System32\rixdicon.dll
[2011/09/21 08:35:09 | 000,000,000 | ---D | C] -- C:\5740771B94A8BBF6B21CA46EECDAE3DE
[2011/09/21 08:14:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011/09/20 23:34:30 | 000,000,000 | ---D | C] -- C:\C7B007A6062B549280AC43B8BCB1310B
[2011/09/20 23:14:42 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\AVG2012
[2011/09/20 23:13:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2011/09/20 23:12:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2011/09/20 23:12:45 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2011/09/20 23:11:34 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011/09/20 23:11:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2011/09/20 23:10:12 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/09/20 23:03:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell QuickSet
[2011/09/20 22:57:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\Lang
[2011/09/20 22:57:20 | 000,000,000 | ---D | C] -- C:\Intel
[2011/09/20 22:48:36 | 000,000,000 | ---D | C] -- C:\Program Files\Marvell
[2011/09/20 22:48:00 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\TMP
[2011/09/20 22:41:16 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco
[2011/09/20 22:40:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Wireless
[2011/09/20 22:26:07 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\Powercinema
[2011/09/20 22:25:39 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\CyberLink
[2011/09/20 08:08:39 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/09/20 08:05:53 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2011/09/20 08:05:37 | 000,000,000 | -HSD | C] -- C:\Boot
[2011/09/20 08:05:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\OEM
[2011/09/20 00:04:39 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/09/20 00:00:49 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/09/19 23:53:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Uninstall
[2011/09/19 23:52:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SureThing Shared
[2011/09/19 23:51:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Sonic
[2011/09/19 23:51:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio Creator DE
[2011/09/19 23:51:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2011/09/19 23:51:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sonic Shared
[2011/09/19 23:50:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Roxio Shared
[2011/09/19 23:50:20 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2011/09/19 23:50:17 | 000,000,000 | ---D | C] -- C:\Program Files\Roxio
[2011/09/19 23:46:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
[2011/09/19 23:44:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2011/09/19 23:39:28 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Reallusion
[2011/09/19 23:39:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Reallusion
[2011/09/19 23:38:51 | 005,627,904 | ---- | C] (Reallusion Inc.) -- C:\Windows\System32\LiveCamVirtual.ocx
[2011/09/19 23:38:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
[2011/09/19 23:38:17 | 000,000,000 | ---D | C] -- C:\Program Files\Creative Live! Cam
[2011/09/19 23:38:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Webcam
[2011/09/19 23:37:52 | 000,000,000 | ---D | C] -- C:\Program Files\Creative
[2011/09/19 23:36:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2011/09/19 23:30:16 | 000,000,000 | ---D | C] -- C:\Dell
[2011/09/19 23:30:13 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\MediaDirect
[2011/09/19 23:30:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Dell
[2011/09/19 23:29:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/09/19 23:29:43 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2011/09/19 23:29:16 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011/09/19 23:29:16 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2011/09/19 23:29:13 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\InstallShield
[2011/09/19 23:25:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\vmm32
[2011/09/19 23:25:45 | 000,000,000 | ---D | C] -- C:\Program Files\Dell
[2011/09/19 23:25:17 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011/09/19 23:22:02 | 000,000,000 | R--D | C] -- C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/09/19 23:22:02 | 000,000,000 | R--D | C] -- C:\Users\Andrew\Searches
[2011/09/19 23:22:02 | 000,000,000 | R--D | C] -- C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/09/19 23:21:54 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\Identities
[2011/09/19 23:21:53 | 000,000,000 | R--D | C] -- C:\Users\Andrew\Contacts
[2011/09/19 23:21:52 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\VirtualStore
[2011/09/19 23:21:48 | 000,000,000 | --SD | C] -- C:\Users\Andrew\AppData\Roaming\Microsoft
[2011/09/19 23:21:48 | 000,000,000 | R--D | C] -- C:\Users\Andrew\Videos
[2011/09/19 23:21:48 | 000,000,000 | R--D | C] -- C:\Users\Andrew\Saved Games
[2011/09/19 23:21:48 | 000,000,000 | R--D | C] -- C:\Users\Andrew\Pictures
[2011/09/19 23:21:48 | 000,000,000 | R--D | C] -- C:\Users\Andrew\Music
[2011/09/19 23:21:48 | 000,000,000 | R--D | C] -- C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/09/19 23:21:48 | 000,000,000 | R--D | C] -- C:\Users\Andrew\Links
[2011/09/19 23:21:48 | 000,000,000 | R--D | C] -- C:\Users\Andrew\Favorites
[2011/09/19 23:21:48 | 000,000,000 | R--D | C] -- C:\Users\Andrew\Downloads
[2011/09/19 23:21:48 | 000,000,000 | R--D | C] -- C:\Users\Andrew\Documents
[2011/09/19 23:21:48 | 000,000,000 | R--D | C] -- C:\Users\Andrew\Desktop
[2011/09/19 23:21:48 | 000,000,000 | R--D | C] -- C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/09/19 23:21:48 | 000,000,000 | -HSD | C] -- C:\Users\Andrew\AppData\Local\Temporary Internet Files
[2011/09/19 23:21:48 | 000,000,000 | -HSD | C] -- C:\Users\Andrew\Templates
[2011/09/19 23:21:48 | 000,000,000 | -HSD | C] -- C:\Users\Andrew\Start Menu
[2011/09/19 23:21:48 | 000,000,000 | -HSD | C] -- C:\Users\Andrew\SendTo
[2011/09/19 23:21:48 | 000,000,000 | -HSD | C] -- C:\Users\Andrew\Recent
[2011/09/19 23:21:48 | 000,000,000 | -HSD | C] -- C:\Users\Andrew\PrintHood
[2011/09/19 23:21:48 | 000,000,000 | -HSD | C] -- C:\Users\Andrew\NetHood
[2011/09/19 23:21:48 | 000,000,000 | -HSD | C] -- C:\Users\Andrew\Documents\My Videos
[2011/09/19 23:21:48 | 000,000,000 | -HSD | C] -- C:\Users\Andrew\Documents\My Pictures
[2011/09/19 23:21:48 | 000,000,000 | -HSD | C] -- C:\Users\Andrew\Documents\My Music
[2011/09/19 23:21:48 | 000,000,000 | -HSD | C] -- C:\Users\Andrew\My Documents
[2011/09/19 23:21:48 | 000,000,000 | -HSD | C] -- C:\Users\Andrew\Local Settings
[2011/09/19 23:21:48 | 000,000,000 | -HSD | C] -- C:\Users\Andrew\AppData\Local\History
[2011/09/19 23:21:48 | 000,000,000 | -HSD | C] -- C:\Users\Andrew\Cookies
[2011/09/19 23:21:48 | 000,000,000 | -HSD | C] -- C:\Users\Andrew\Application Data
[2011/09/19 23:21:48 | 000,000,000 | -HSD | C] -- C:\Users\Andrew\AppData\Local\Application Data
[2011/09/19 23:21:48 | 000,000,000 | -H-D | C] -- C:\Users\Andrew\AppData
[2011/09/19 23:21:48 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\Temp
[2011/09/19 23:21:48 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\Microsoft
[2011/09/19 23:19:22 | 000,000,000 | ---D | C] -- C:\Windows\Debug
[2011/09/19 23:14:57 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/09/19 23:11:56 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
========== Files - Modified Within 30 Days ==========
[2011/09/22 21:33:09 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/09/22 21:33:09 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/09/22 20:39:49 | 104,899,240 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/09/22 20:34:02 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/22 20:34:02 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/22 20:33:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/22 20:33:14 | 1063,301,120 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/22 08:13:46 | 000,000,943 | ---- | M] () -- C:\Users\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/09/22 00:26:46 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/09/22 00:26:46 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/09/22 00:26:28 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/09/22 00:14:05 | 000,280,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/09/22 00:10:27 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/09/21 07:10:11 | 000,001,589 | ---- | M] () -- C:\Users\Public\Desktop\Browser Choice.lnk
[2011/09/20 23:13:15 | 000,000,842 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/09/20 23:03:34 | 000,001,927 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
[2011/09/20 23:00:56 | 000,001,356 | ---- | M] () -- C:\Users\Andrew\AppData\Local\d3d9caps.dat
[2011/09/20 23:00:53 | 000,016,050 | ---- | M] () -- C:\Windows\System32\results.xml
[2011/09/20 22:40:23 | 000,744,318 | ---- | M] () -- C:\Windows\System32\oem2.inf
[2011/09/20 22:39:57 | 000,022,729 | ---- | M] () -- C:\newkey
[2011/09/20 22:39:57 | 000,022,729 | ---- | M] () -- C:\newfile.enc
[2011/09/20 08:05:38 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2011/09/19 23:58:00 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2011/09/19 23:51:44 | 000,002,085 | ---- | M] () -- C:\Users\Public\Desktop\Roxio Creator Home.lnk
[2011/09/19 23:39:51 | 000,000,076 | RHS- | M] () -- C:\Windows\CT4CET.bin
[2011/09/19 23:16:09 | 000,047,092 | ---- | M] () -- C:\Windows\System32\license.rtf
========== Files Created - No Company Name ==========
[2011/09/22 20:39:49 | 104,899,240 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/09/22 00:26:28 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/09/22 00:10:27 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/09/21 21:15:15 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2011/09/21 21:15:12 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2011/09/21 21:15:00 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2011/09/21 21:14:58 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/09/21 21:14:58 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/09/21 21:14:55 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2011/09/21 21:14:48 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2011/09/21 21:14:33 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2011/09/21 21:14:31 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2011/09/21 21:13:47 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2011/09/21 21:13:40 | 000,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2011/09/21 08:12:08 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/09/21 08:12:08 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/09/21 08:12:08 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011/09/21 07:10:11 | 000,001,589 | ---- | C] () -- C:\Users\Public\Desktop\Browser Choice.lnk
[2011/09/21 00:11:25 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/09/21 00:11:23 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2011/09/20 23:49:07 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2011/09/20 23:13:15 | 000,000,842 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/09/20 23:03:34 | 000,001,927 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
[2011/09/20 23:00:53 | 000,016,050 | ---- | C] () -- C:\Windows\System32\results.xml
[2011/09/20 23:00:03 | 1063,301,120 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/20 22:57:18 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2011/09/20 22:57:17 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2011/09/20 22:57:17 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2011/09/20 22:57:17 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2011/09/20 22:57:17 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2011/09/20 22:57:17 | 000,027,152 | ---- | C] () -- C:\Windows\System32\iglhxs32.vp
[2011/09/20 22:57:17 | 000,002,096 | ---- | C] () -- C:\Windows\System32\iglhxo32.vp
[2011/09/20 22:57:17 | 000,002,096 | ---- | C] () -- C:\Windows\System32\iglhxc32.vp
[2011/09/20 22:40:37 | 000,744,318 | ---- | C] () -- C:\Windows\System32\oem2.inf
[2011/09/20 22:40:06 | 000,001,591 | ---- | C] () -- C:\Windows\System32\Uninst_EAPModules.bat
[2011/09/20 22:40:06 | 000,000,416 | ---- | C] () -- C:\Windows\System32\vcredist_x86.bat
[2011/09/20 22:40:05 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2011/09/20 22:40:04 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2011/09/20 22:39:57 | 000,022,729 | ---- | C] () -- C:\newkey
[2011/09/20 22:39:57 | 000,022,729 | ---- | C] () -- C:\newfile.enc
[2011/09/20 08:05:38 | 000,008,192 | R-S- | C] () -- C:\BOOTSECT.BAK
[2011/09/20 08:05:37 | 000,333,257 | RHS- | C] () -- C:\bootmgr
[2011/09/20 08:05:16 | 000,000,022 | RH-- | C] () -- C:\Windows\dell_version
[2011/09/20 00:24:08 | 000,000,943 | ---- | C] () -- C:\Users\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/09/19 23:58:00 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2011/09/19 23:51:44 | 000,002,085 | ---- | C] () -- C:\Users\Public\Desktop\Roxio Creator Home.lnk
[2011/09/19 23:46:41 | 000,001,016 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2011/09/19 23:39:51 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2011/09/19 23:29:58 | 000,001,924 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2011/09/19 23:29:43 | 000,001,805 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaDirect.lnk
[2011/09/19 23:22:03 | 000,000,949 | ---- | C] () -- C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/09/19 23:22:02 | 000,000,944 | ---- | C] () -- C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/09/19 23:21:53 | 000,000,915 | ---- | C] () -- C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2011/09/19 23:21:49 | 000,001,356 | ---- | C] () -- C:\Users\Andrew\AppData\Local\d3d9caps.dat
[2011/09/19 23:21:48 | 000,000,258 | ---- | C] () -- C:\Users\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/09/19 23:21:48 | 000,000,240 | ---- | C] () -- C:\Users\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2006/11/02 13:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:44:53 | 000,280,720 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 11:33:01 | 000,609,196 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,108,672 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
========== LOP Check ==========
[2011/09/20 23:14:42 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\AVG2012
[2011/09/20 22:48:00 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\TMP
[2011/09/22 09:18:18 | 000,011,524 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
I appreciate any help / advice that you can give to resolve these 2 issues.
Thank you very much for your time.
Andrew