Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

It's ALL going wrong!

Started by justine_m , Oct 17 2009 10:58 AM

  • Please log in to reply

#1
justine_m
Posted 17 October 2009 - 10:58 AM

justine_m

    New Member

  • Member
  • Pip
  • 6 posts
Hi there!

I wonder if you guys can help me? I've used this site before and you've really helped me out. Now my mother-in-law's PC is messing up and I suggested she join this site to get some help... so here's hoping!

The computer is running winXP (service pack 3) but has been behaving very erratically of late. We lost internet connection last week but I managed to restore it; since then, however, her system has been running *very* slowly: internet pages take ages to open and programs take ages to start. I've ran all the checks you suggest in your Malware removal guide and there don't seem to be any problems but the PC is still very sluggish and hangs constantly. (I'm currently in 'Safe mode with networking' jut to be able to write this!)

Below are the two OTL log files you suggested I post. (I've also included them as attachments.) I really hope you guys/gals can help us with this, so thanks in advance!


OTL

OTL logfile created on: 17/10/2009 17:42:06 - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

509.98 Mb Total Physical Memory | 359.66 Mb Available Physical Memory | 70.52% Memory free
1.22 Gb Paging File | 1.15 Gb Available in Paging File | 93.98% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 28.86 Gb Free Space | 77.48% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-QJH89Y24C4
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/10/17 17:35:17 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL-log file checker.exe
PRC - [2008/04/14 13:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\windows\explorer.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/10/14 18:44:11 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Stopped])
SRV - [2008/04/14 13:42:04 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\windows\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2002/01/29 14:33:14 | 00,077,824 | ---- | M] () -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe -- (EpsonBidirectionalService [Auto | Stopped])
SRV - [2001/10/25 03:02:00 | 00,090,112 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2 [Auto | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (736 bytes) - C:\windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EPSON Stylus CX3200] C:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [igfxhkcmd] C:\windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKCU..\Run: [Boots Insert Detect] C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\ray\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\windows\System32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 125 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/24 23:09:12 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\windows\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/10/11 18:00:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/10/11 18:50:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2009/10/14 18:30:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\AVG8
[2009/10/12 22:06:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Office Genuine Advantage
[2009/10/11 18:00:28 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/10/17 17:32:24 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/17 17:35:14 | 00,521,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL-log file checker.exe
[2009/10/17 17:32:26 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2009/10/17 17:32:24 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2009/10/17 17:32:05 | 04,045,536 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup.exe
[2009/10/17 17:28:17 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2009/10/17 17:16:29 | 00,000,000 | ---D | C] -- C:\windows\CSC
[2009/10/14 21:56:54 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/10/14 18:45:21 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\avgrsstx.dll
[2009/10/14 18:45:20 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avgtdix.sys
[2009/10/14 18:45:13 | 00,335,240 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avgldx86.sys
[2009/10/14 18:45:11 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avgmfx86.sys
[2009/10/14 18:44:35 | 00,000,000 | ---D | C] -- C:\windows\System32\drivers\Avg
[2009/10/14 18:15:34 | 00,000,000 | ---D | C] -- C:\windows\ie8updates
[2009/10/14 18:12:17 | 00,000,000 | -H-D | C] -- C:\windows\ie8
[2009/10/11 17:46:57 | 00,000,000 | ---D | C] -- C:\windows\System32\zh-TW
[2009/10/11 17:46:57 | 00,000,000 | ---D | C] -- C:\windows\System32\zh-HK
[2009/10/11 17:46:57 | 00,000,000 | ---D | C] -- C:\windows\System32\tr-TR
[2009/10/11 17:46:57 | 00,000,000 | ---D | C] -- C:\windows\System32\sv-SE
[2009/10/11 17:46:57 | 00,000,000 | ---D | C] -- C:\windows\System32\pt-BR
[2009/10/11 17:46:57 | 00,000,000 | ---D | C] -- C:\windows\System32\nl-NL
[2009/10/11 17:46:57 | 00,000,000 | ---D | C] -- C:\windows\System32\nb-NO
[2009/10/11 17:46:57 | 00,000,000 | ---D | C] -- C:\windows\System32\ko-KR
[2009/10/11 17:46:57 | 00,000,000 | ---D | C] -- C:\windows\System32\it-IT
[2009/10/11 17:46:57 | 00,000,000 | ---D | C] -- C:\windows\System32\he-IL
[2009/10/11 17:46:57 | 00,000,000 | ---D | C] -- C:\windows\System32\fr-FR
[2009/10/11 17:46:57 | 00,000,000 | ---D | C] -- C:\windows\System32\fi-FI
[2009/10/11 17:46:57 | 00,000,000 | ---D | C] -- C:\windows\System32\es-ES
[2009/10/11 17:46:57 | 00,000,000 | ---D | C] -- C:\windows\System32\el-GR
[2009/10/11 17:46:57 | 00,000,000 | ---D | C] -- C:\windows\System32\de-DE
[2009/10/11 17:46:57 | 00,000,000 | ---D | C] -- C:\windows\System32\da-DK
[2009/10/11 17:46:57 | 00,000,000 | ---D | C] -- C:\windows\System32\ar-SA

========== Files - Modified Within 14 Days ==========

[2009/10/17 17:35:17 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL-log file checker.exe
[2009/10/17 17:32:28 | 00,000,714 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/17 17:32:05 | 04,045,536 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup.exe
[2009/10/17 17:28:18 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2009/10/17 17:16:46 | 00,013,646 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2009/10/17 17:16:21 | 00,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2009/10/17 17:08:41 | 00,000,236 | ---- | M] () -- C:\windows\tasks\OGALogon.job
[2009/10/17 17:08:33 | 00,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2009/10/17 16:59:24 | 00,000,000 | ---- | M] () -- C:\boot.ini
[2009/10/17 16:58:52 | 00,000,613 | ---- | M] () -- C:\windows\win.ini
[2009/10/17 16:58:52 | 00,000,227 | ---- | M] () -- C:\windows\system.ini
[2009/10/16 15:54:42 | 03,982,792 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2009/10/16 09:28:07 | 42,945,854 | ---- | M] () -- C:\windows\System32\drivers\Avg\incavi.avm
[2009/10/16 09:08:16 | 00,033,037 | ---- | M] () -- C:\windows\System32\drivers\Avg\microavi.avg
[2009/10/14 22:00:08 | 00,001,393 | ---- | M] () -- C:\windows\imsins.BAK
[2009/10/14 18:45:22 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/10/14 18:45:21 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\avgrsstx.dll
[2009/10/14 18:45:20 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avgtdix.sys
[2009/10/14 18:45:13 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avgldx86.sys
[2009/10/14 18:45:11 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avgmfx86.sys
[2009/10/14 18:44:41 | 00,492,629 | ---- | M] () -- C:\windows\System32\drivers\Avg\miniavi.avg
[2009/10/14 18:44:39 | 06,061,540 | ---- | M] () -- C:\windows\System32\drivers\Avg\avi7.avg
[2009/10/14 18:04:34 | 00,359,961 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Warning by Jenny Joseph-2nd copy.mht
[2009/10/14 08:42:28 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\The Pond.doc
[2009/10/14 08:41:44 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\blank.doc
[2009/10/10 09:04:37 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\womens group members.doc
[2009/10/10 07:59:45 | 00,025,600 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Alice Band news letter.doc
[2009/10/10 07:00:50 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Administrator\My Documents\~$blank.doc
[2009/10/06 00:06:34 | 00,028,672 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\The Old Man.doc
[2009/10/05 21:45:32 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\free lance gardiner.doc

========== Files - No Company Name ==========
[2009/10/17 17:32:28 | 00,000,714 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/14 18:45:22 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/10/14 18:44:43 | 42,945,854 | ---- | C] () -- C:\windows\System32\drivers\Avg\incavi.avm
[2009/10/14 18:44:41 | 00,033,037 | ---- | C] () -- C:\windows\System32\drivers\Avg\microavi.avg
[2009/10/14 18:44:39 | 00,492,629 | ---- | C] () -- C:\windows\System32\drivers\Avg\miniavi.avg
[2009/10/14 18:44:35 | 06,061,540 | ---- | C] () -- C:\windows\System32\drivers\Avg\avi7.avg
[2009/10/14 18:04:32 | 00,359,961 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Warning by Jenny Joseph-2nd copy.mht
[2009/10/14 08:42:28 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\The Pond.doc
[2009/10/11 17:48:39 | 00,000,738 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Outlook Express.lnk
[2009/10/11 17:46:58 | 00,000,236 | ---- | C] () -- C:\windows\tasks\OGALogon.job
[2009/10/10 07:59:45 | 00,025,600 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Alice Band news letter.doc
[2009/10/10 07:00:50 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Administrator\My Documents\~$blank.doc
[2009/10/05 23:50:32 | 00,028,672 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\The Old Man.doc
[2009/10/05 09:07:20 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\free lance gardiner.doc
[2009/08/03 15:07:42 | 00,403,816 | ---- | C] () -- C:\windows\System32\OGACheckControl.dll
[2009/05/01 16:05:37 | 00,010,536 | ---- | C] () -- C:\windows\System32\drivers\Hmonitor.sys
[2009/03/27 16:20:00 | 00,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2009/01/18 16:57:46 | 00,290,919 | ---- | C] () -- C:\windows\System32\pythoncom21.dll
[2009/01/18 16:57:46 | 00,057,344 | ---- | C] () -- C:\windows\System32\PyWinTypes21.dll
[2009/01/18 16:55:50 | 00,096,768 | ---- | C] () -- C:\windows\SlantAdj.dll
[2009/01/18 16:55:50 | 00,000,072 | R--- | C] () -- C:\windows\System32\epDPE.ini
[2009/01/18 16:54:23 | 00,122,880 | ---- | C] () -- C:\windows\System32\EEBAPI.dll
[2009/01/18 16:54:23 | 00,102,400 | ---- | C] () -- C:\windows\System32\EEBDSCVR.dll
[2009/01/18 16:54:23 | 00,065,536 | ---- | C] () -- C:\windows\System32\EBAPI.dll
[2008/10/16 23:16:33 | 00,106,496 | ---- | C] () -- C:\windows\System32\PixText.dll
[2008/05/25 00:06:46 | 00,019,832 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/05/25 00:03:40 | 03,982,792 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2008/05/24 23:22:39 | 00,003,584 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/24 23:13:52 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini
[2008/05/24 15:54:05 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2003/06/20 13:00:00 | 00,000,613 | ---- | C] () -- C:\windows\win.ini
[2003/06/20 13:00:00 | 00,000,227 | ---- | C] () -- C:\windows\system.ini
[2000/09/08 17:53:50 | 00,073,839 | ---- | C] () -- C:\windows\System32\KodakOneTouch.dll

========== LOP Check ==========

[2009/10/14 18:30:36 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Application Data
[2009/01/18 17:05:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ArcSoft
[2008/10/16 23:04:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Auslogics
[2009/07/16 10:57:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org1.9.79
[2009/03/27 15:46:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Simply Super Software
[2009/10/14 18:42:56 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/03/27 17:04:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2009/04/30 20:49:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2003/06/20 13:00:00 | 00,000,065 | RH-- | M] () -- C:\windows\Tasks\desktop.ini
[2009/10/17 17:08:41 | 00,000,236 | ---- | M] () -- C:\windows\Tasks\OGALogon.job
[2009/10/17 17:08:33 | 00,000,006 | -H-- | M] () -- C:\windows\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\eventlog.dll >
[2008/04/14 13:41:54 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\eventlog.dll

< %systemroot%\system32\scecli.dll >
[2008/04/14 13:42:06 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >

========== Alternate Data Streams ==========

@Alternate Data Stream - 179 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
< End of report >


EXTRAS log file:


OTL Extras logfile created on: 17/10/2009 17:42:06 - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

509.98 Mb Total Physical Memory | 359.66 Mb Available Physical Memory | 70.52% Memory free
1.22 Gb Paging File | 1.15 Gb Available in Paging File | 93.98% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 28.86 Gb Free Space | 77.48% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-QJH89Y24C4
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\Temp\NavBrowser.exe" = C:\WINDOWS\Temp\NavBrowser.exe:*:Enabled:NAVBrowser -- File not found
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- File not found
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
"{6C5D7191-140A-11D6-B5A0-0050DA208A93}" = ArcSoft PhotoImpression
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9391F2BC-B6F3-4AAC-82CC-5A74A4ED388E}" = EPSON Photo Print
"{9A3EABC0-CA06-11D4-BF77-00104B130C19}" = EPSON TWAIN 5
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2EFE303-A594-11D5-95EB-005004BC1C65}" = EPSON PhotoQuicker3.2
"{B69CC1A5-0404-11D6-ABCB-005004C21D30}" = EPSON Copy Utility
"{D94A8E22-DF2B-4107-9E51-608A60A7671D}" = Personal Ancestral File 5
"{D9789BA3-4033-4D81-9B10-7EE99EFA4691}" = OpenOffice.org 1.9.79
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Advanced WindowsCare V2 Personal_is1" = Advanced WindowsCare Personal
"AVG8Uninstall" = AVG Free 8.5
"Boots F2CD Picture Suite" = Boots F2CD Picture Suite
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"EPSON Printer and Utilities" = EPSON Printer Software
"Hardware sensors monitor 4.4_is1" = Hardware sensors monitor 4.4
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROSet" = Intel® PRO Network Connections Drivers
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 17/10/2009 11:30:11 | Computer Name = USER-QJH89Y24C4 | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\WINDOWS\system32\mswsock.dll for
one of the following reasons: there is a problem with the network connection, the
disk that the file is stored on, or the storage drivers installed on this computer;
or the disk is missing. Windows closed the program Microsoft Windows Sockets 2.0
Service Provider because of this error. Program: Microsoft Windows Sockets 2.0 Service
Provider File: C:\WINDOWS\system32\mswsock.dll The error value is listed in the Additional
Data section. User Action 1. Open the file again. This situation might be a temporary
problem that corrects itself when the program runs again. 2. If the file still cannot
be accessed and - It is on the network, your network administrator should verify
that there is not a problem with the network and that the server can be contacted.
-
It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the
disk is fully inserted into the computer. 3. Check and repair the file system by
running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click
OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem
persists, restore the file from a backup copy. 5. Determine whether other files
on the same disk can be opened. If not, the disk might be damaged. If it is a hard
disk, contact your administrator or computer hardware vendor for further assistance.
Additional
Data Error value: C000009C Disk type: 3

Error - 17/10/2009 11:31:23 | Computer Name = USER-QJH89Y24C4 | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\WINDOWS\system32\mswsock.dll for
one of the following reasons: there is a problem with the network connection, the
disk that the file is stored on, or the storage drivers installed on this computer;
or the disk is missing. Windows closed the program Microsoft Windows Sockets 2.0
Service Provider because of this error. Program: Microsoft Windows Sockets 2.0 Service
Provider File: C:\WINDOWS\system32\mswsock.dll The error value is listed in the Additional
Data section. User Action 1. Open the file again. This situation might be a temporary
problem that corrects itself when the program runs again. 2. If the file still cannot
be accessed and - It is on the network, your network administrator should verify
that there is not a problem with the network and that the server can be contacted.
-
It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the
disk is fully inserted into the computer. 3. Check and repair the file system by
running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click
OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem
persists, restore the file from a backup copy. 5. Determine whether other files
on the same disk can be opened. If not, the disk might be damaged. If it is a hard
disk, contact your administrator or computer hardware vendor for further assistance.
Additional
Data Error value: C000009C Disk type: 3

Error - 17/10/2009 11:32:22 | Computer Name = USER-QJH89Y24C4 | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\WINDOWS\system32\mswsock.dll for
one of the following reasons: there is a problem with the network connection, the
disk that the file is stored on, or the storage drivers installed on this computer;
or the disk is missing. Windows closed the program Microsoft Windows Sockets 2.0
Service Provider because of this error. Program: Microsoft Windows Sockets 2.0 Service
Provider File: C:\WINDOWS\system32\mswsock.dll The error value is listed in the Additional
Data section. User Action 1. Open the file again. This situation might be a temporary
problem that corrects itself when the program runs again. 2. If the file still cannot
be accessed and - It is on the network, your network administrator should verify
that there is not a problem with the network and that the server can be contacted.
-
It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the
disk is fully inserted into the computer. 3. Check and repair the file system by
running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click
OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem
persists, restore the file from a backup copy. 5. Determine whether other files
on the same disk can be opened. If not, the disk might be damaged. If it is a hard
disk, contact your administrator or computer hardware vendor for further assistance.
Additional
Data Error value: C000009C Disk type: 3

Error - 17/10/2009 11:35:12 | Computer Name = USER-QJH89Y24C4 | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\WINDOWS\system32\mswsock.dll for
one of the following reasons: there is a problem with the network connection, the
disk that the file is stored on, or the storage drivers installed on this computer;
or the disk is missing. Windows closed the program Microsoft Windows Sockets 2.0
Service Provider because of this error. Program: Microsoft Windows Sockets 2.0 Service
Provider File: C:\WINDOWS\system32\mswsock.dll The error value is listed in the Additional
Data section. User Action 1. Open the file again. This situation might be a temporary
problem that corrects itself when the program runs again. 2. If the file still cannot
be accessed and - It is on the network, your network administrator should verify
that there is not a problem with the network and that the server can be contacted.
-
It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the
disk is fully inserted into the computer. 3. Check and repair the file system by
running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click
OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem
persists, restore the file from a backup copy. 5. Determine whether other files
on the same disk can be opened. If not, the disk might be damaged. If it is a hard
disk, contact your administrator or computer hardware vendor for further assistance.
Additional
Data Error value: C000009C Disk type: 3

Error - 17/10/2009 11:36:14 | Computer Name = USER-QJH89Y24C4 | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\WINDOWS\system32\mswsock.dll for
one of the following reasons: there is a problem with the network connection, the
disk that the file is stored on, or the storage drivers installed on this computer;
or the disk is missing. Windows closed the program Microsoft Windows Sockets 2.0
Service Provider because of this error. Program: Microsoft Windows Sockets 2.0 Service
Provider File: C:\WINDOWS\system32\mswsock.dll The error value is listed in the Additional
Data section. User Action 1. Open the file again. This situation might be a temporary
problem that corrects itself when the program runs again. 2. If the file still cannot
be accessed and - It is on the network, your network administrator should verify
that there is not a problem with the network and that the server can be contacted.
-
It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the
disk is fully inserted into the computer. 3. Check and repair the file system by
running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click
OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem
persists, restore the file from a backup copy. 5. Determine whether other files
on the same disk can be opened. If not, the disk might be damaged. If it is a hard
disk, contact your administrator or computer hardware vendor for further assistance.
Additional
Data Error value: C000009C Disk type: 3

Error - 17/10/2009 11:37:25 | Computer Name = USER-QJH89Y24C4 | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\WINDOWS\system32\mswsock.dll for
one of the following reasons: there is a problem with the network connection, the
disk that the file is stored on, or the storage drivers installed on this computer;
or the disk is missing. Windows closed the program Microsoft Windows Sockets 2.0
Service Provider because of this error. Program: Microsoft Windows Sockets 2.0 Service
Provider File: C:\WINDOWS\system32\mswsock.dll The error value is listed in the Additional
Data section. User Action 1. Open the file again. This situation might be a temporary
problem that corrects itself when the program runs again. 2. If the file still cannot
be accessed and - It is on the network, your network administrator should verify
that there is not a problem with the network and that the server can be contacted.
-
It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the
disk is fully inserted into the computer. 3. Check and repair the file system by
running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click
OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem
persists, restore the file from a backup copy. 5. Determine whether other files
on the same disk can be opened. If not, the disk might be damaged. If it is a hard
disk, contact your administrator or computer hardware vendor for further assistance.
Additional
Data Error value: C000009C Disk type: 3

Error - 17/10/2009 11:38:32 | Computer Name = USER-QJH89Y24C4 | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\WINDOWS\system32\mswsock.dll for
one of the following reasons: there is a problem with the network connection, the
disk that the file is stored on, or the storage drivers installed on this computer;
or the disk is missing. Windows closed the program Microsoft Windows Sockets 2.0
Service Provider because of this error. Program: Microsoft Windows Sockets 2.0 Service
Provider File: C:\WINDOWS\system32\mswsock.dll The error value is listed in the Additional
Data section. User Action 1. Open the file again. This situation might be a temporary
problem that corrects itself when the program runs again. 2. If the file still cannot
be accessed and - It is on the network, your network administrator should verify
that there is not a problem with the network and that the server can be contacted.
-
It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the
disk is fully inserted into the computer. 3. Check and repair the file system by
running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click
OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem
persists, restore the file from a backup copy. 5. Determine whether other files
on the same disk can be opened. If not, the disk might be damaged. If it is a hard
disk, contact your administrator or computer hardware vendor for further assistance.
Additional
Data Error value: C000009C Disk type: 3

Error - 17/10/2009 11:39:44 | Computer Name = USER-QJH89Y24C4 | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\WINDOWS\system32\mswsock.dll for
one of the following reasons: there is a problem with the network connection, the
disk that the file is stored on, or the storage drivers installed on this computer;
or the disk is missing. Windows closed the program Microsoft Windows Sockets 2.0
Service Provider because of this error. Program: Microsoft Windows Sockets 2.0 Service
Provider File: C:\WINDOWS\system32\mswsock.dll The error value is listed in the Additional
Data section. User Action 1. Open the file again. This situation might be a temporary
problem that corrects itself when the program runs again. 2. If the file still cannot
be accessed and - It is on the network, your network administrator should verify
that there is not a problem with the network and that the server can be contacted.
-
It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the
disk is fully inserted into the computer. 3. Check and repair the file system by
running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click
OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem
persists, restore the file from a backup copy. 5. Determine whether other files
on the same disk can be opened. If not, the disk might be damaged. If it is a hard
disk, contact your administrator or computer hardware vendor for further assistance.
Additional
Data Error value: C000009C Disk type: 3

Error - 17/10/2009 11:40:43 | Computer Name = USER-QJH89Y24C4 | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\WINDOWS\system32\mswsock.dll for
one of the following reasons: there is a problem with the network connection, the
disk that the file is stored on, or the storage drivers installed on this computer;
or the disk is missing. Windows closed the program Microsoft Windows Sockets 2.0
Service Provider because of this error. Program: Microsoft Windows Sockets 2.0 Service
Provider File: C:\WINDOWS\system32\mswsock.dll The error value is listed in the Additional
Data section. User Action 1. Open the file again. This situation might be a temporary
problem that corrects itself when the program runs again. 2. If the file still cannot
be accessed and - It is on the network, your network administrator should verify
that there is not a problem with the network and that the server can be contacted.
-
It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the
disk is fully inserted into the computer. 3. Check and repair the file system by
running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click
OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem
persists, restore the file from a backup copy. 5. Determine whether other files
on the same disk can be opened. If not, the disk might be damaged. If it is a hard
disk, contact your administrator or computer hardware vendor for further assistance.
Additional
Data Error value: C000009C Disk type: 3

Error - 17/10/2009 11:41:54 | Computer Name = USER-QJH89Y24C4 | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\WINDOWS\system32\mswsock.dll for
one of the following reasons: there is a problem with the network connection, the
disk that the file is stored on, or the storage drivers installed on this computer;
or the disk is missing. Windows closed the program Microsoft Windows Sockets 2.0
Service Provider because of this error. Program: Microsoft Windows Sockets 2.0 Service
Provider File: C:\WINDOWS\system32\mswsock.dll The error value is listed in the Additional
Data section. User Action 1. Open the file again. This situation might be a temporary
problem that corrects itself when the program runs again. 2. If the file still cannot
be accessed and - It is on the network, your network administrator should verify
that there is not a problem with the network and that the server can be contacted.
-
It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the
disk is fully inserted into the computer. 3. Check and repair the file system by
running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click
OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem
persists, restore the file from a backup copy. 5. Determine whether other files
on the same disk can be opened. If not, the disk might be damaged. If it is a hard
disk, contact your administrator or computer hardware vendor for further assistance.
Additional
Data Error value: C000009C Disk type: 3

[ System Events ]
Error - 17/10/2009 09:31:34 | Computer Name = USER-QJH89Y24C4 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 17/10/2009 09:31:34 | Computer Name = USER-QJH89Y24C4 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 17/10/2009 09:31:34 | Computer Name = USER-QJH89Y24C4 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 17/10/2009 09:31:34 | Computer Name = USER-QJH89Y24C4 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 17/10/2009 09:31:34 | Computer Name = USER-QJH89Y24C4 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 17/10/2009 09:41:17 | Computer Name = USER-QJH89Y24C4 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 17/10/2009 09:41:17 | Computer Name = USER-QJH89Y24C4 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 17/10/2009 09:41:17 | Computer Name = USER-QJH89Y24C4 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 17/10/2009 09:41:17 | Computer Name = USER-QJH89Y24C4 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 17/10/2009 09:41:17 | Computer Name = USER-QJH89Y24C4 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.


< End of report >

Attached Files


  • 0

Advertisements

#2
justine_m
Posted 19 October 2009 - 12:41 PM

justine_m

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Ummm... no replies yet. Does that mean I've posted in the wrong forum? Is it okay if I repost this in the Windows XP forum?
Thanks in advance!
  • 0

#3
kahdah
Posted 14 November 2009 - 07:27 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello justine_m

Welcome to G2Go. :)
=====================
Hi sorry for the wait but this is not a malware problem.
The system event logs show the culprit.

[ System Events ]
Error - 17/10/2009 09:31:34 | Computer Name = USER-QJH89Y24C4 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 17/10/2009 09:31:34 | Computer Name = USER-QJH89Y24C4 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 17/10/2009 09:31:34 | Computer Name = USER-QJH89Y24C4 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 17/10/2009 09:31:34 | Computer Name = USER-QJH89Y24C4 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 17/10/2009 09:31:34 | Computer Name = USER-QJH89Y24C4 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 17/10/2009 09:41:17 | Computer Name = USER-QJH89Y24C4 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 17/10/2009 09:41:17 | Computer Name = USER-QJH89Y24C4 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 17/10/2009 09:41:17 | Computer Name = USER-QJH89Y24C4 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 17/10/2009 09:41:17 | Computer Name = USER-QJH89Y24C4 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 17/10/2009 09:41:17 | Computer Name = USER-QJH89Y24C4 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

What these entries mean is that you have a failing hard drive.
I would backup all existing documents and use the computer the least amount possible to lessen the damage to the drive.
You will have to get a new Hard drive and reinstall Windows on it.
It may be more efficient to take it into a local tech shop and have them do it.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP