[Ferral]

Hello,

I recently re-installed Windows Vista Basic (32-bit) on my laptop, as I was no longer able to use my AVG anti-virus program. I suspected that this was caused by a virus, which prevented the AVG icon from appearing in the task bar and also prevented me from starting up the AVG program.

There are 2 issues that I would be grateful for your help with.

Issue 1) After re-installing Windows, I installed AVG anti-virus free edition 2012 as my anti-virus program. When I run the AVG virus scan, I see the message:

"Object name";"C:\Windows\security\database\tmp.edb"
"Detection name";"Corrupted executable file"
"Object type";"file"
"SDK Type";"Core"
"Result";"Potentially dangerous object"

Please can you advise on what I should do about this message?

Issue 2) I do not know if this issue is related to issue 1 described above or not, but after re-installing Windows, I noticed that Windows Defender is turned off everytime I re-start Windows, even if I turned it on manually previously. I sometimes get an icon in my task bar telling me that Windows Defender is turned off, which prompts me to manually turn it on. However, I do not always see this icon.


Apart from running OTL, I have not run any other programs / diagnostic tests. Please see below for the output from OTL:


OTL logfile created on: 22/09/2011 21:37:06 - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Andrew\Downloads\Downloaded Program Files
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1013.31 Mb Total Physical Memory | 138.40 Mb Available Physical Memory | 13.66% Memory free
2.24 Gb Paging File | 0.97 Gb Available in Paging File | 43.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146.00 Gb Total Space | 113.73 Gb Free Space | 77.90% Space Free | Partition Type: NTFS

Computer Name: ANDREW-PC | User Name: Andrew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/22 11:09:32 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Andrew\Downloads\Downloaded Program Files\OTL.exe
PRC - [2011/09/20 23:12:46 | 000,246,600 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
PRC - [2011/09/20 23:12:45 | 000,218,440 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2011/09/09 17:43:18 | 001,220,960 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/09/08 06:46:00 | 002,401,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/09/01 06:16:22 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/12 06:10:32 | 000,973,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/05/20 12:53:02 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2008/02/22 17:01:38 | 001,193,240 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2008/01/21 03:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/05/09 17:01:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/22 08:22:18 | 011,804,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5aa9131000876de66160ff713b543d99\System.Web.ni.dll
MOD - [2011/09/22 08:21:59 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a6d889aa69fd51c100352f23c7cebd22\System.Runtime.Remoting.ni.dll
MOD - [2011/09/22 00:37:03 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b9ea0d414c4861120bfb7365d8ec0939\System.ni.dll
MOD - [2011/09/22 00:36:48 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll
MOD - [2011/09/20 23:12:45 | 001,451,336 | ---- | M] () -- C:\Program Files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
MOD - [2011/09/20 23:12:45 | 000,218,440 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2007/12/08 14:34:10 | 000,054,784 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/09/20 23:12:46 | 000,246,600 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/09/01 06:16:22 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2008/01/21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:02 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:02 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/07/11 01:14:00 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:13:58 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/07/11 01:13:46 | 000,229,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/07/11 01:13:42 | 000,032,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2009/06/25 16:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/25 16:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/25 16:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/10/10 17:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/06/06 23:21:32 | 000,111,616 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2007/03/05 10:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0F F4 03 CB 66 79 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/09/20 23:13:14 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B3FF6B7-6489-4D9B-9169-2887B5E905E0}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{44B1FE1F-3876-403A-9990-0A16BCC15EC2}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{585152f3-e30c-11e0-9a20-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{585152f3-e30c-11e0-9a20-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autoRcd.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/22 08:57:40 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/09/22 00:11:08 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2011/09/22 00:02:50 | 000,000,000 | ---D | C] -- C:\BB50DA297C1A8E9E6FA16B8B
[2011/09/22 00:02:50 | 000,000,000 | ---D | C] -- C:\5BA561DF1F55695DB93AC74C
[2011/09/22 00:02:50 | 000,000,000 | ---D | C] -- C:\3D7B26FCDBBA78ADB16A0B1119DA
[2011/09/21 23:41:54 | 000,000,000 | ---D | C] -- C:\EE758773168B43F2908A075EB9584E
[2011/09/21 23:02:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/09/21 22:31:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2011/09/21 22:31:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2011/09/21 22:31:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2011/09/21 22:18:41 | 000,000,000 | ---D | C] -- C:\30DE4CC51C0DAF5B15
[2011/09/21 22:03:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/09/21 09:02:35 | 000,044,544 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rimsptsk.sys
[2011/09/21 09:02:35 | 000,038,400 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rixdptsk.sys
[2011/09/21 09:02:34 | 000,048,128 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rimmptsk.sys
[2011/09/21 09:02:32 | 000,172,032 | ---- | C] (Ricoh Company,Ltd) -- C:\Windows\System32\rixdicon.dll
[2011/09/21 08:35:09 | 000,000,000 | ---D | C] -- C:\5740771B94A8BBF6B21CA46EECDAE3DE
[2011/09/21 08:14:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011/09/20 23:34:30 | 000,000,000 | ---D | C] -- C:\C7B007A6062B549280AC43B8BCB1310B
[2011/09/20 23:14:42 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\AVG2012
[2011/09/20 23:13:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2011/09/20 23:12:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2011/09/20 23:12:45 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2011/09/20 23:11:34 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011/09/20 23:11:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2011/09/20 23:10:12 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/09/20 23:03:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell QuickSet
[2011/09/20 22:57:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\Lang
[2011/09/20 22:57:20 | 000,000,000 | ---D | C] -- C:\Intel
[2011/09/20 22:48:36 | 000,000,000 | ---D | C] -- C:\Program Files\Marvell
[2011/09/20 22:48:00 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\TMP
[2011/09/20 22:41:16 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco
[2011/09/20 22:40:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Wireless
[2011/09/20 22:26:07 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\Powercinema
[2011/09/20 22:25:39 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\CyberLink
[2011/09/20 08:08:39 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/09/20 08:05:53 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2011/09/20 08:05:37 | 000,000,000 | -HSD | C] -- C:\Boot
[2011/09/20 08:05:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\OEM
[2011/09/20 00:04:39 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/09/20 00:00:49 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/09/19 23:53:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Uninstall
[2011/09/19 23:52:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SureThing Shared
[2011/09/19 23:51:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Sonic
[2011/09/19 23:51:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio Creator DE
[2011/09/19 23:51:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2011/09/19 23:51:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sonic Shared
[2011/09/19 23:50:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Roxio Shared
[2011/09/19 23:50:20 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2011/09/19 23:50:17 | 000,000,000 | ---D | C] -- C:\Program Files\Roxio
[2011/09/19 23:46:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
[2011/09/19 23:44:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2011/09/19 23:39:28 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Reallusion
[2011/09/19 23:39:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Reallusion
[2011/09/19 23:38:51 | 005,627,904 | ---- | C] (Reallusion Inc.) -- C:\Windows\System32\LiveCamVirtual.ocx
[2011/09/19 23:38:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
[2011/09/19 23:38:17 | 000,000,000 | ---D | C] -- C:\Program Files\Creative Live! Cam
[2011/09/19 23:38:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Webcam
[2011/09/19 23:37:52 | 000,000,000 | ---D | C] -- C:\Program Files\Creative
[2011/09/19 23:36:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2011/09/19 23:30:16 | 000,000,000 | ---D | C] -- C:\Dell
[2011/09/19 23:30:13 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\MediaDirect
[2011/09/19 23:30:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Dell
[2011/09/19 23:29:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/09/19 23:29:43 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2011/09/19 23:29:16 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011/09/19 23:29:16 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2011/09/19 23:29:13 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\InstallShield
[2011/09/19 23:25:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\vmm32
[2011/09/19 23:25:45 | 000,000,000 | ---D | C] -- C:\Program Files\Dell
[2011/09/19 23:25:17 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011/09/19 23:22:02 | 000,000,000 | R--D | C] -- C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/09/19 23:22:02 | 000,000,000 | R--D | C] -- C:\Users\Andrew\Searches
[2011/09/19 23:22:02 | 000,000,000 | R--D | C] -- C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/09/19 23:21:54 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\Identities
[2011/09/19 23:21:53 | 000,000,000 | R--D | C] -- C:\Users\Andrew\Contacts
[2011/09/19 23:21:52 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\VirtualStore
[2011/09/19 23:21:48 | 000,000,000 | --SD | C] -- C:\Users\Andrew\AppData\Roaming\Microsoft
[2011/09/19 23:21:48 | 000,000,000 | R--D | C] -- C:\Users\Andrew\Videos
[2011/09/19 23:21:48 | 000,000,000 | R--D | C] -- C:\Users\Andrew\Saved Games
[2011/09/19 23:21:48 | 000,000,000 | R--D | C] -- C:\Users\Andrew\Pictures
[2011/09/19 23:21:48 | 000,000,000 | R--D | C] -- C:\Users\Andrew\Music
[2011/09/19 23:21:48 | 000,000,000 | R--D | C] -- C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/09/19 23:21:48 | 000,000,000 | R--D | C] -- C:\Users\Andrew\Links
[2011/09/19 23:21:48 | 000,000,000 | R--D | C] -- C:\Users\Andrew\Favorites
[2011/09/19 23:21:48 | 000,000,000 | R--D | C] -- C:\Users\Andrew\Downloads
[2011/09/19 23:21:48 | 000,000,000 | R--D | C] -- C:\Users\Andrew\Documents
[2011/09/19 23:21:48 | 000,000,000 | R--D | C] -- C:\Users\Andrew\Desktop
[2011/09/19 23:21:48 | 000,000,000 | R--D | C] -- C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/09/19 23:21:48 | 000,000,000 | -HSD | C] -- C:\Users\Andrew\AppData\Local\Temporary Internet Files
[2011/09/19 23:21:48 | 000,000,000 | -HSD | C] -- C:\Users\Andrew\Templates
[2011/09/19 23:21:48 | 000,000,000 | -HSD | C] -- C:\Users\Andrew\Start Menu
[2011/09/19 23:21:48 | 000,000,000 | -HSD | C] -- C:\Users\Andrew\SendTo
[2011/09/19 23:21:48 | 000,000,000 | -HSD | C] -- C:\Users\Andrew\Recent
[2011/09/19 23:21:48 | 000,000,000 | -HSD | C] -- C:\Users\Andrew\PrintHood
[2011/09/19 23:21:48 | 000,000,000 | -HSD | C] -- C:\Users\Andrew\NetHood
[2011/09/19 23:21:48 | 000,000,000 | -HSD | C] -- C:\Users\Andrew\Documents\My Videos
[2011/09/19 23:21:48 | 000,000,000 | -HSD | C] -- C:\Users\Andrew\Documents\My Pictures
[2011/09/19 23:21:48 | 000,000,000 | -HSD | C] -- C:\Users\Andrew\Documents\My Music
[2011/09/19 23:21:48 | 000,000,000 | -HSD | C] -- C:\Users\Andrew\My Documents
[2011/09/19 23:21:48 | 000,000,000 | -HSD | C] -- C:\Users\Andrew\Local Settings
[2011/09/19 23:21:48 | 000,000,000 | -HSD | C] -- C:\Users\Andrew\AppData\Local\History
[2011/09/19 23:21:48 | 000,000,000 | -HSD | C] -- C:\Users\Andrew\Cookies
[2011/09/19 23:21:48 | 000,000,000 | -HSD | C] -- C:\Users\Andrew\Application Data
[2011/09/19 23:21:48 | 000,000,000 | -HSD | C] -- C:\Users\Andrew\AppData\Local\Application Data
[2011/09/19 23:21:48 | 000,000,000 | -H-D | C] -- C:\Users\Andrew\AppData
[2011/09/19 23:21:48 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\Temp
[2011/09/19 23:21:48 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\Microsoft
[2011/09/19 23:19:22 | 000,000,000 | ---D | C] -- C:\Windows\Debug
[2011/09/19 23:14:57 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/09/19 23:11:56 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch

========== Files - Modified Within 30 Days ==========

[2011/09/22 21:33:09 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/09/22 21:33:09 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/09/22 20:39:49 | 104,899,240 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/09/22 20:34:02 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/22 20:34:02 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/22 20:33:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/22 20:33:14 | 1063,301,120 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/22 08:13:46 | 000,000,943 | ---- | M] () -- C:\Users\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/09/22 00:26:46 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/09/22 00:26:46 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/09/22 00:26:28 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/09/22 00:14:05 | 000,280,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/09/22 00:10:27 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/09/21 07:10:11 | 000,001,589 | ---- | M] () -- C:\Users\Public\Desktop\Browser Choice.lnk
[2011/09/20 23:13:15 | 000,000,842 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/09/20 23:03:34 | 000,001,927 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
[2011/09/20 23:00:56 | 000,001,356 | ---- | M] () -- C:\Users\Andrew\AppData\Local\d3d9caps.dat
[2011/09/20 23:00:53 | 000,016,050 | ---- | M] () -- C:\Windows\System32\results.xml
[2011/09/20 22:40:23 | 000,744,318 | ---- | M] () -- C:\Windows\System32\oem2.inf
[2011/09/20 22:39:57 | 000,022,729 | ---- | M] () -- C:\newkey
[2011/09/20 22:39:57 | 000,022,729 | ---- | M] () -- C:\newfile.enc
[2011/09/20 08:05:38 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2011/09/19 23:58:00 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2011/09/19 23:51:44 | 000,002,085 | ---- | M] () -- C:\Users\Public\Desktop\Roxio Creator Home.lnk
[2011/09/19 23:39:51 | 000,000,076 | RHS- | M] () -- C:\Windows\CT4CET.bin
[2011/09/19 23:16:09 | 000,047,092 | ---- | M] () -- C:\Windows\System32\license.rtf

========== Files Created - No Company Name ==========

[2011/09/22 20:39:49 | 104,899,240 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/09/22 00:26:28 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/09/22 00:10:27 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/09/21 21:15:15 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2011/09/21 21:15:12 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2011/09/21 21:15:00 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2011/09/21 21:14:58 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/09/21 21:14:58 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/09/21 21:14:55 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2011/09/21 21:14:48 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2011/09/21 21:14:33 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2011/09/21 21:14:31 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2011/09/21 21:13:47 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2011/09/21 21:13:40 | 000,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2011/09/21 08:12:08 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/09/21 08:12:08 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/09/21 08:12:08 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011/09/21 07:10:11 | 000,001,589 | ---- | C] () -- C:\Users\Public\Desktop\Browser Choice.lnk
[2011/09/21 00:11:25 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/09/21 00:11:23 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2011/09/20 23:49:07 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2011/09/20 23:13:15 | 000,000,842 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/09/20 23:03:34 | 000,001,927 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
[2011/09/20 23:00:53 | 000,016,050 | ---- | C] () -- C:\Windows\System32\results.xml
[2011/09/20 23:00:03 | 1063,301,120 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/20 22:57:18 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2011/09/20 22:57:17 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2011/09/20 22:57:17 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2011/09/20 22:57:17 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2011/09/20 22:57:17 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2011/09/20 22:57:17 | 000,027,152 | ---- | C] () -- C:\Windows\System32\iglhxs32.vp
[2011/09/20 22:57:17 | 000,002,096 | ---- | C] () -- C:\Windows\System32\iglhxo32.vp
[2011/09/20 22:57:17 | 000,002,096 | ---- | C] () -- C:\Windows\System32\iglhxc32.vp
[2011/09/20 22:40:37 | 000,744,318 | ---- | C] () -- C:\Windows\System32\oem2.inf
[2011/09/20 22:40:06 | 000,001,591 | ---- | C] () -- C:\Windows\System32\Uninst_EAPModules.bat
[2011/09/20 22:40:06 | 000,000,416 | ---- | C] () -- C:\Windows\System32\vcredist_x86.bat
[2011/09/20 22:40:05 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2011/09/20 22:40:04 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2011/09/20 22:39:57 | 000,022,729 | ---- | C] () -- C:\newkey
[2011/09/20 22:39:57 | 000,022,729 | ---- | C] () -- C:\newfile.enc
[2011/09/20 08:05:38 | 000,008,192 | R-S- | C] () -- C:\BOOTSECT.BAK
[2011/09/20 08:05:37 | 000,333,257 | RHS- | C] () -- C:\bootmgr
[2011/09/20 08:05:16 | 000,000,022 | RH-- | C] () -- C:\Windows\dell_version
[2011/09/20 00:24:08 | 000,000,943 | ---- | C] () -- C:\Users\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/09/19 23:58:00 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2011/09/19 23:51:44 | 000,002,085 | ---- | C] () -- C:\Users\Public\Desktop\Roxio Creator Home.lnk
[2011/09/19 23:46:41 | 000,001,016 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2011/09/19 23:39:51 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2011/09/19 23:29:58 | 000,001,924 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2011/09/19 23:29:43 | 000,001,805 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaDirect.lnk
[2011/09/19 23:22:03 | 000,000,949 | ---- | C] () -- C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/09/19 23:22:02 | 000,000,944 | ---- | C] () -- C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/09/19 23:21:53 | 000,000,915 | ---- | C] () -- C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2011/09/19 23:21:49 | 000,001,356 | ---- | C] () -- C:\Users\Andrew\AppData\Local\d3d9caps.dat
[2011/09/19 23:21:48 | 000,000,258 | ---- | C] () -- C:\Users\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/09/19 23:21:48 | 000,000,240 | ---- | C] () -- C:\Users\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2006/11/02 13:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:44:53 | 000,280,720 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 11:33:01 | 000,609,196 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,108,672 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/09/20 23:14:42 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\AVG2012
[2011/09/20 22:48:00 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\TMP
[2011/09/22 09:18:18 | 000,011,524 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


I appreciate any help / advice that you can give to resolve these 2 issues.

Thank you very much for your time.

Andrew

[Advertisements]

Hi and welcome to GeeksToGo! Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:

• Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
• Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyse and fix your PC in the long run.
• Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
• Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
• Please reply within 3 days to be fair to other people asking for help.
• Please tell me if you have your original Windows CD/DVD available
• When in doubt, please stop and ask first. There's no harm in asking questions!

If you have since resolved the original problem you were having, I would appreciate you letting me know. If not please perform the following steps below so I can have a look at the current condition of your machine.

Please uninstall AVG 2012 (Start then Control Panel. In control Panel click on Programs an then on Programs and Features).

NEXT...

Download AppRemover and run it.

Click Next >>



Ensure "Remove Security Application" is collected and click Next >>



AppRemover will scan all the security applications on your PC


Select Any AVG entries from the applications offered and click Next >> twice.


Follow any further on-screen instructions. If asked to reboot,please do so.

Note: Please do not browse the internet or open any email attachments until your Anti-Virus is re-installed

NEXT...

• Please download aswMBR.exe to your desktop.
• Double click the aswMBR.exe to run it.
  
  
• When asked if you want to download Avast's virus definitions please select Yes.
• Click the Scan button to start scan.
  
  
• On completion of the scan click Save log, save it to your desktop and post in your next reply.
• Also in Desktop there should be a file called MBR.dat after that, zip it and then attach it here

Please don't use your computer for other things than for running our tools.

[Render]

Hi and welcome to GeeksToGo! Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:

• Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
• Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyse and fix your PC in the long run.
• Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
• Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
• Please reply within 3 days to be fair to other people asking for help.
• Please tell me if you have your original Windows CD/DVD available
• When in doubt, please stop and ask first. There's no harm in asking questions!

If you have since resolved the original problem you were having, I would appreciate you letting me know. If not please perform the following steps below so I can have a look at the current condition of your machine.

Please uninstall AVG 2012 (Start then Control Panel. In control Panel click on Programs an then on Programs and Features).

NEXT...

Download AppRemover and run it.

Click Next >>



Ensure "Remove Security Application" is collected and click Next >>



AppRemover will scan all the security applications on your PC


Select Any AVG entries from the applications offered and click Next >> twice.


Follow any further on-screen instructions. If asked to reboot,please do so.

Note: Please do not browse the internet or open any email attachments until your Anti-Virus is re-installed

NEXT...

• Please download aswMBR.exe to your desktop.
• Double click the aswMBR.exe to run it.
  
  
• When asked if you want to download Avast's virus definitions please select Yes.
• Click the Scan button to start scan.
  
  
• On completion of the scan click Save log, save it to your desktop and post in your next reply.
• Also in Desktop there should be a file called MBR.dat after that, zip it and then attach it here

Please don't use your computer for other things than for running our tools.

[Ferral]

Hi Render,

Thank you for your reply.

I can confirm that the problems are still there and that I have the original windows installation CD.

Thank you for your instructions. I will carry them out this weekend - my apologies but it's a busy week at work, so I won't have time till sunday realistically to do anything.

I shall contact you again when I complete your instructions.

Once again, thank you very much for your help.

Andrew

[Render]

OK.

[Ferral]

Hi Render

Firstly, please note that without my knowledge my son tried to re-install windows and AVG. However, I can confirm that the problems described in my first post are still there. I'll make sure that he does not do anything else to the laptop while you are helping me - sorry!

I have followed your instructions and uninstalled AVG 2012 from the control panel.

I downloaded AppRemove and ran it. It did not find any AVG applications to remove - I assume this is ok?

I downloaded aswMBR and ran a scan. Please find attached the log and the zipped up .dat file.

Thank you again for your help.

Andrew

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-30 20:22:57
-----------------------------
20:22:57.660 OS Version: Windows 6.0.6002 Service Pack 2
20:22:57.660 Number of processors: 2 586 0xF0D
20:22:57.660 ComputerName: TSANG-PC UserName: Tsang
20:23:11.357 Initialize success
20:25:05.195 AVAST engine defs: 11093000
20:25:17.519 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
20:25:17.519 Disk 0 Vendor: WDC_WD1600BEVT-75ZCT2 11.01A11 Size: 152627MB BusType: 3
20:25:19.547 Disk 0 MBR read successfully
20:25:19.547 Disk 0 MBR scan
20:25:19.672 Disk 0 Windows VISTA default MBR code
20:25:19.688 Disk 0 scanning sectors +312576705
20:25:19.813 Disk 0 scanning C:\Windows\system32\drivers
20:25:29.438 Service scanning
20:25:30.873 Modules scanning
20:25:35.834 Disk 0 trace - called modules:
20:25:35.849 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
20:25:35.865 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84bda4f0]
20:25:35.865 3 CLASSPNP.SYS[85fa28b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x844f2b98]
20:25:37.737 AVAST engine scan C:\Windows
20:25:41.668 AVAST engine scan C:\Windows\system32
20:28:01.819 AVAST engine scan C:\Windows\system32\drivers
20:28:11.927 AVAST engine scan C:\Users\Tsang
20:29:23.703 AVAST engine scan C:\ProgramData
20:29:40.223 Scan finished successfully
20:30:16.831 Disk 0 MBR has been saved successfully to "C:\Users\Tsang\Desktop\MBR.dat"
20:30:16.847 The log file has been saved successfully to "C:\Users\Tsang\Desktop\aswMBR.txt"

Attached Files

•  aswMBR.txt   1.65KB   123 downloads
•  MBR.zip   604bytes   135 downloads

[Render]

OK. Please do the following now:

We should proceed with general antimalware scan which can take quite a long time so please be patient.

Download Virus Removal Tool (VRT) from Here to your desktop
(You have to enter your e-mail address and click on Submit Form button. Please download latest English version of this tool)

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan

Click the cog in the upper right



Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
(Please be patient as this scan can take a few hours)


Allow VRT to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threads report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun VRT and select the Manual Disinfection tab and press Start Gathering System Information



On completion click the link to locate the zip file to upload and attach to your next post

[Ferral]

Hi Render

Thank you for your reply.

As instructed I downloaded the VRT tool and ran a scan. The scan did not find any threats - the detected threats report was empty, so I was unable to save anything to show you. I did save the automatic scan report, but that is too large to attach here. Please let me know if you want to see this report (and how to get it to you).

Please find attached the system information file.

Thank you for your help.

Andrew

Attached Files

•  avptool_sysinfo.zip   16.47KB   113 downloads

[Render]

It looks clean to me. You don't need to attach automatic scan report.

Please download and install one of the following free antivirus programs:

• Avira AntiVir
• avast! Home Edition
• Microsoft Security Essential

I recommend Microsoft Security Essentials.

As for your second problem with Windows Defender. Windows Defender is turned off by AVG or some other security program and that's normal behaviour. See here.

[Ferral]

Hi Render

Thank you for your reply.

Do you recommend NOT using AVG then? I ask because I have another computer that uses it.

Thank you for your help.

Andrew

[Render]

I'm using MSE and I'm happy with it. This is why I recommend it. I don't have any experience with AVG.

[Ferral]

OK. Thank you very much for your help!

Much appreciated

Andrew

[Render]

I want you to run your PC as normal for a day or two and then come back to me. If there will be no problems we have to clean up our tools.

[Ferral]

Hi Render,

I am unable to install MSE. I get a message saying:

"The version of this file is not compatible with the version of windows you're running. Check your computer's system information to see whether you need an x86 (32 bit) or x64 (64 bit) version of the program and then contact the software publisher".

I have checked my windows and it is 32 bit. Is there a 32 bit version of MSE available please?

Thank you for your help.

Andrew

[Render]

Yes it is. You have to download MSE for Windows Vista/Windows 7 32-bit.

[Ferral]

Hi Render

I have now downloaded and installed MSE.

However windows defender is still turned off. Should I turn defender back on or will it conflict with MSE?

Thank you for your help.

Andrew