Is Java still a security risk?



#76
RKinner (Malware Expert)

Right-click on C:\Windows\System32\kernel32.dll and select Properties, then Details. What File Version do you have? Is it 5.1.2600.6532?




#77
scarlet.rose (Topic Starter)
"What File Version do you have?  Is it 5.1.2600.6532?"

 

No, it isn't.

 

It's version 5.1.2600.2180 (see attachment).

 



#78
RKinner (Malware Expert)

Appears to be SP2.  Let's look and see what other copies you may have.

 

Let's use OTL to see the copies.

 

http://www.geekstogo...timers-list-it/ and press the Download button.

 

 

/md5start
kernel32.dll
QUtil.dll 
kmsvc.dll
sfc.*
dot3svc.dll
napmontr.dll
qagentrt.dll
/md5stop
 
Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl+V) the text. Verify that you got it all and then click the Run Scan button at the top.
Let the program run unhindered; OTL will not reboot the PC when it is done. Save the log and copy and paste it to a reply.
 


#79
scarlet.rose (Topic Starter)

SP2?

 

OTL

 

OTL logfile created on: 22/07/2016 19:07:56 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\dell owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
255.07 Mb Total Physical Memory | 42.97 Mb Available Physical Memory | 16.85% Memory free
1002.11 Mb Paging File | 631.34 Mb Available in Paging File | 63.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 768 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 23.43 Gb Free Space | 62.87% Space Free | Partition Type: NTFS
 
Computer Name: OWNER-25721C41B | User Name: dell owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2016/07/22 18:59:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\dell owner\My Documents\Downloads\OTL.exe
PRC - [2015/08/18 17:38:44 | 005,515,496 | ---- | M] (Avast Software s.r.o.) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2015/08/18 17:35:26 | 000,343,336 | ---- | M] (Avast Software s.r.o.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/09/24 07:34:50 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/13 20:02:44 | 000,399,872 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2004/08/04 11:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2016/07/22 15:23:40 | 003,001,344 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\16072200\algo.dll
MOD - [2015/08/18 17:36:01 | 040,540,672 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2015/08/18 17:35:35 | 000,104,400 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\log.dll
MOD - [2015/08/18 17:35:28 | 000,081,728 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
MOD - [2014/09/24 07:35:09 | 003,290,736 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2006/10/22 12:22:00 | 000,212,992 | ---- | M] () -- C:\WINDOWS\system32\nvapi.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\eapsvc.dll -- (EapHost)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2016/06/15 20:08:04 | 000,146,888 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2015/08/18 17:35:26 | 000,343,336 | ---- | M] (Avast Software s.r.o.) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/09/13 20:02:44 | 000,399,872 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | Boot | Unknown] -- system32\drivers\Partizan.sys -- (Partizan)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2015/08/18 17:38:46 | 000,428,120 | ---- | M] (Avast Software s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswsp.sys -- (aswSP)
DRV - [2015/08/18 17:36:06 | 000,209,048 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2015/08/18 17:36:06 | 000,074,976 | ---- | M] (Avast Software s.r.o.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2015/08/18 17:36:06 | 000,057,888 | ---- | M] (Avast Software s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2015/08/18 17:36:06 | 000,049,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2015/08/18 17:36:06 | 000,024,144 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aswHwid.sys -- (aswHwid)
DRV - [2015/08/18 17:36:05 | 000,055,200 | ---- | M] (Avast Software s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2015/08/18 17:34:55 | 000,787,760 | ---- | M] (Avast Software s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2014/12/06 00:12:26 | 000,015,144 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\GetSusp.sys -- (GetSusp)
DRV - [2013/09/10 19:25:16 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2011/06/02 11:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2004/08/04 00:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2002/06/03 11:18:32 | 000,040,832 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371)
DRV - [2001/08/17 14:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT)
DRV - [2001/08/17 13:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
DRV - [2000/05/30 00:00:00 | 000,118,480 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\IntelATA.sys -- (IntelATA)
DRV - [2000/05/30 00:00:00 | 000,003,737 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\IdeBd.sys -- (idebd)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://uk.yahoo.com...t&type=avastbcl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.client...fo/bt_side.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {9CB96984-43C3-4D44-90EF-01466EFCF7BB}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = https://uk.search.ya...p={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://uk.yahoo.com...t&type=avastbcl
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://uk.search.ya...p={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\..\SearchScopes,DefaultScope = {9CB96984-43C3-4D44-90EF-01466EFCF7BB}
IE - HKCU\..\SearchScopes\{05FE8838-C2ED-4AC2-92F4-CBB8E10C8F4F}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{5CAA078D-D123-40A8-90E7-4874CDC9FB6A}: "URL" = http://uk.search.yah...p={SearchTerms}
IE - HKCU\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = https://uk.search.ya...p={searchTerms}
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://uk.search.yah...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B4DC70064-89E2-4a55-8FC6-E8CDEAE3618C%7D:0.7.7
FF - prefs.js..extensions.enabledAddons: %7B89f8dde0-010a-11da-8cd6-0800200c9a66%7D:1.0.7.4
FF - prefs.js..extensions.enabledAddons: %7B4ED1F68A-5463-4931-9384-8FFF5ED91D92%7D:3.6.6
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - prefs.js..browser.search.selectedEngine: "Yahoo! (Avast)"
FF - prefs.js..browser.search.defaultengine: "Yahoo! (Avast)"
FF - prefs.js..browser.search.defaultenginename: "Yahoo! (Avast)"
FF - prefs.js..browser.search.defaultthis.engineName: "Yahoo! (Avast)"
FF - prefs.js..browser.search.defaulturl: "https://uk.search.ya...com/yhs/search"
FF - prefs.js..browser.search.order.1: "Yahoo! (Avast)"
FF - prefs.js..keyword.URL: "https://uk.search.ya...com/yhs/search"
FF - prefs.js..browser.startup.homepage: "https://uk.yahoo.com...&type=avastbcl"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_22_0_0_209.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.91.2: C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.91.2: C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2015/12/10 16:30:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.8.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.8.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/10/16 21:42:43 | 000,000,000 | ---D | M]
 
[2008/09/19 18:45:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\dell owner\Application Data\Mozilla\Extensions
[2014/06/16 14:59:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\dell owner\Application Data\Mozilla\Firefox\Profiles\9hueenik.default-1373479810009\extensions
[2016/07/11 09:35:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\dell owner\Application Data\Mozilla\Firefox\Profiles\b7n86jf2.default-1402665467282\extensions
[2016/05/29 17:41:20 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\dell owner\Application Data\Mozilla\Firefox\Profiles\b7n86jf2.default-1402665467282\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2016/02/23 00:35:17 | 000,000,000 | ---D | M] (British English Dictionary (Forked by Marco Pinto)) -- C:\Documents and Settings\dell owner\Application Data\Mozilla\Firefox\Profiles\b7n86jf2.default-1402665467282\extensions\[email protected]
[2015/05/29 00:26:14 | 000,000,000 | ---D | M] (selectivecookiedelete) -- C:\Documents and Settings\dell owner\Application Data\Mozilla\Firefox\Profiles\b7n86jf2.default-1402665467282\extensions\[email protected]
[2014/11/06 15:30:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\dell owner\Application Data\Mozilla\Firefox\Profiles\b7n86jf2.default-1402665467282\jetpack\[email protected]
[2014/11/06 15:35:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\dell owner\Application Data\Mozilla\Firefox\Profiles\b7n86jf2.default-1402665467282\jetpack\[email protected]\simple-storage
[2014/04/13 01:31:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\dell owner\Application Data\Mozilla\Firefox\Profiles\py5hhbjm.TEST\extensions
[2012/03/25 14:27:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\dell owner\Application Data\Mozilla\Firefox\Profiles\q0me9ao2.default\extensions
[2012/03/25 14:27:50 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\dell owner\Application Data\Mozilla\Firefox\Profiles\q0me9ao2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/11/27 14:42:30 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\dell owner\Application Data\Mozilla\Firefox\Profiles\q0me9ao2.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}(2)
[2009/09/10 12:21:20 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\dell owner\Application Data\Mozilla\Firefox\Profiles\q0me9ao2.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/04/01 22:10:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\dell owner\Application Data\Mozilla\Firefox\Profiles\rztndne2.Default User 2\extensions
[2011/03/25 21:43:19 | 000,000,000 | ---D | M] (Ad blocker) -- C:\Documents and Settings\dell owner\Application Data\Mozilla\Firefox\Profiles\rztndne2.Default User 2\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}
[2014/04/06 01:18:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\dell owner\Application Data\Mozilla\Firefox\Profiles\trkikdsf.default-1395699729962\extensions
[2014/04/04 17:46:42 | 000,000,000 | ---D | M] (British English Dictionary (Updated)) -- C:\Documents and Settings\dell owner\Application Data\Mozilla\Firefox\Profiles\trkikdsf.default-1395699729962\extensions\[email protected]
[2014/04/06 01:18:33 | 000,000,000 | ---D | M] (selectivecookiedelete) -- C:\Documents and Settings\dell owner\Application Data\Mozilla\Firefox\Profiles\trkikdsf.default-1395699729962\extensions\[email protected]
[2013/08/07 11:21:43 | 000,011,571 | ---- | M] () (No name found) -- C:\Documents and Settings\dell owner\Application Data\Mozilla\Firefox\Profiles\9hueenik.default-1373479810009\extensions\[email protected]
[2013/07/15 12:37:14 | 000,013,345 | ---- | M] () (No name found) -- C:\Documents and Settings\dell owner\Application Data\Mozilla\Firefox\Profiles\9hueenik.default-1373479810009\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
[2016/06/02 10:17:52 | 000,016,198 | ---- | M] () (No name found) -- C:\Documents and Settings\dell owner\Application Data\Mozilla\Firefox\Profiles\b7n86jf2.default-1402665467282\extensions\[email protected]
[2016/02/23 00:35:02 | 000,020,743 | ---- | M] () (No name found) -- C:\Documents and Settings\dell owner\Application Data\Mozilla\Firefox\Profiles\b7n86jf2.default-1402665467282\extensions\[email protected]
[2016/07/08 02:36:14 | 000,046,440 | ---- | M] () (No name found) -- C:\Documents and Settings\dell owner\Application Data\Mozilla\Firefox\Profiles\b7n86jf2.default-1402665467282\extensions\[email protected]
[2015/05/29 00:17:32 | 000,061,435 | ---- | M] () (No name found) -- C:\Documents and Settings\dell owner\Application Data\Mozilla\Firefox\Profiles\b7n86jf2.default-1402665467282\extensions\[email protected]
[2015/05/29 00:26:13 | 000,010,014 | ---- | M] () (No name found) -- C:\Documents and Settings\dell owner\Application Data\Mozilla\Firefox\Profiles\b7n86jf2.default-1402665467282\extensions\{bb65e674-b194-4b6e-8033-5fa0afe3a198}.xpi
[2016/02/23 20:04:05 | 000,021,759 | ---- | M] () (No name found) -- C:\Documents and Settings\dell owner\Application Data\Mozilla\Firefox\Profiles\b7n86jf2.default-1402665467282\extensions\{c37bac34-849a-4d28-be41-549b2c76c64e}.xpi
[2016/02/23 00:35:11 | 001,001,911 | ---- | M] () (No name found) -- C:\Documents and Settings\dell owner\Application Data\Mozilla\Firefox\Profiles\b7n86jf2.default-1402665467282\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011/10/16 11:09:22 | 000,025,950 | ---- | M] () (No name found) -- C:\Documents and Settings\dell owner\Application Data\Mozilla\Firefox\Profiles\q0me9ao2.default\extensions\[email protected]
[2011/11/29 00:56:21 | 000,053,072 | ---- | M] () (No name found) -- C:\Documents and Settings\dell owner\Application Data\Mozilla\Firefox\Profiles\q0me9ao2.default\extensions\[email protected]
[2012/03/25 14:27:51 | 000,634,964 | ---- | M] () (No name found) -- C:\Documents and Settings\dell owner\Application Data\Mozilla\Firefox\Profiles\q0me9ao2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/03/24 23:25:46 | 000,217,846 | ---- | M] () (No name found) -- C:\Documents and Settings\dell owner\Application Data\Mozilla\Firefox\Profiles\trkikdsf.default-1395699729962\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi
[2014/03/25 02:16:15 | 000,042,866 | ---- | M] () (No name found) -- C:\Documents and Settings\dell owner\Application Data\Mozilla\Firefox\Profiles\trkikdsf.default-1395699729962\extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi
[2014/06/16 15:01:09 | 000,009,425 | ---- | M] () -- C:\Documents and Settings\dell owner\Application Data\Mozilla\Firefox\Profiles\9hueenik.default-1373479810009\searchplugins\yahoo-avast.xml
[2016/02/23 19:06:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2016/02/23 19:06:34 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2016/05/25 18:32:09 | 000,000,019 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (Avast Software s.r.o.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PrinTray] C:\WINDOWS\system32\spool\drivers\w32x86\2\printray.exe (Lexmark)
O4 - HKCU..\Run: [Adobe Reader Synchronizer] C:\Program Files\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKCU\..Trusted Domains: co-operativebank.co.uk ([personal] https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab(Reg Error: Key error.)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...ols/pcmatic.cab(PCPitstop Utility)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab(Windows Genuine Advantage Validation Tool)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab(Symantec AntiVirus scanner)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} https://catalog.upda...b?1469090094013(MUCatalogWebControl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1343506440492(WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab(Symantec RuFSI Utility Class)
O16 - DPF: {682C59F5-478C-4421-9070-AD170D143B77} http://www.dell.com/...t/Ode/pcd86.cab(Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1343506565983(MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab(Reg Error: Key error.)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...tel_4.5.5.0.cab(SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab(Reg Error: Key error.)
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} http://register.btin...bcontrol023.cab(Reg Error: Key error.)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcaf...520/mcfscan.cab(Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B02402A-9823-4F7C-89F0-0636DD23A4E3}: DhcpNameServer = 192.168.1.1 0.0.0.0
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/19 14:21:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2016/07/15 23:21:02 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kmsvc.dll
[2016/07/15 22:22:14 | 000,000,000 | ---D | C] -- C:\FRST
[2016/07/15 10:25:25 | 000,291,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qagentrt.dll
[2016/07/15 10:25:25 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\napmontr.dll
[2016/07/15 10:25:24 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot3svc.dll
[2016/07/11 11:25:43 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2016/07/11 00:10:59 | 000,000,000 | ---D | C] -- C:\Program Files\UPHClean
[2016/07/08 14:53:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2016/07/08 14:50:59 | 000,153,088 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2016/07/08 14:50:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dell owner\.oracle_jre_usage
[2016/07/08 14:49:27 | 000,095,808 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2016/07/08 14:43:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Oracle
[2016/07/08 14:42:32 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2016/07/08 12:01:11 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2016/07/05 17:41:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dell owner\Local Settings\Application Data\K-Meleon
[2016/07/05 17:41:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dell owner\Application Data\K-Meleon
[2016/07/05 17:35:02 | 000,000,000 | ---D | C] -- C:\Program Files\K-Meleon
[62 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[6 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2016/07/22 19:39:47 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2016/07/22 19:00:10 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\NUSchedule.job
[2016/07/22 17:38:54 | 000,000,372 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2016/07/22 17:32:07 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2016/07/22 17:32:06 | 000,087,959 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2016/07/22 17:31:53 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\NUAutoUpdate.job
[2016/07/22 17:31:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2016/07/22 17:31:25 | 267,534,336 | -HS- | M] () -- C:\hiberfil.sys
[2016/07/21 09:43:11 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2016/07/20 12:59:55 | 000,019,610 | ---- | M] () -- C:\Documents and Settings\dell owner\My Documents\xpnetdiag.xml 20 7 2016.xml
[2016/07/20 02:30:00 | 000,796,352 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2016/07/20 02:29:58 | 000,142,528 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2016/07/19 10:42:24 | 000,019,610 | ---- | M] () -- C:\Documents and Settings\dell owner\My Documents\xpnetdiag.xml 2.xml
[2016/07/19 10:21:48 | 000,019,610 | ---- | M] () -- C:\Documents and Settings\dell owner\My Documents\Diagnostics.xml
[2016/07/19 10:20:53 | 000,019,610 | ---- | M] () -- C:\Documents and Settings\dell owner\My Documents\xpnetdiag.xml
[2016/07/16 15:45:15 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2016/07/16 03:57:43 | 000,000,746 | ---- | M] () -- C:\Documents and Settings\dell owner\Desktop\Shortcut to MiniToolBox.exe.lnk
[2016/07/15 12:08:13 | 000,000,680 | ---- | M] () -- C:\Documents and Settings\dell owner\Desktop\Shortcut to aswmbr(1).exe.lnk
[2016/07/14 21:48:47 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\dell owner\Desktop\Shortcut to Tcpview.exe.lnk
[2016/07/14 18:50:45 | 000,000,741 | ---- | M] () -- C:\Documents and Settings\dell owner\Desktop\Shortcut to avastclear.exe.lnk
[2016/07/14 12:21:28 | 000,000,973 | ---- | M] () -- C:\Documents and Settings\dell owner\Desktop\Shortcut to avastclear(4).exe.lnk
[2016/07/14 12:19:29 | 000,000,973 | ---- | M] () -- C:\Documents and Settings\dell owner\Desktop\Shortcut to avastclear(3).exe.lnk
[2016/07/14 10:15:28 | 000,000,756 | ---- | M] () -- C:\Documents and Settings\dell owner\Desktop\Shortcut to avastclear(2).exe.lnk
[2016/07/13 13:11:37 | 000,000,973 | ---- | M] () -- C:\Documents and Settings\dell owner\Desktop\Shortcut to tdsskiller(1).exe.lnk
[2016/07/11 10:40:15 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Speccy.lnk
[2016/07/11 02:58:26 | 000,262,144 | ---- | M] () -- C:\WINDOWS\System32\default_user_class.dat
[2016/07/10 00:46:13 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\dell owner\Desktop\Shortcut to VEW.exe.lnk
[2016/07/08 18:06:09 | 000,170,200 | ---- | M] (Malwarebytes) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2016/07/08 15:32:44 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\dell owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2016/07/08 14:47:42 | 000,095,808 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2016/07/08 14:47:20 | 000,153,088 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2016/07/08 12:28:15 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2016/07/07 11:41:05 | 000,020,056 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2016/07/05 17:37:36 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\dell owner\Application Data\Microsoft\Internet Explorer\Quick Launch\K-Meleon.lnk
[2016/07/05 17:37:35 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\K-Meleon.lnk
[2016/07/04 17:35:10 | 000,013,690 | ---- | M] () -- C:\Documents and Settings\dell owner\My Documents\address rdram.odt
[62 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[6 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2016/07/20 12:59:55 | 000,019,610 | ---- | C] () -- C:\Documents and Settings\dell owner\My Documents\xpnetdiag.xml 20 7 2016.xml
[2016/07/19 10:42:23 | 000,019,610 | ---- | C] () -- C:\Documents and Settings\dell owner\My Documents\xpnetdiag.xml 2.xml
[2016/07/19 10:21:48 | 000,019,610 | ---- | C] () -- C:\Documents and Settings\dell owner\My Documents\Diagnostics.xml
[2016/07/19 10:20:53 | 000,019,610 | ---- | C] () -- C:\Documents and Settings\dell owner\My Documents\xpnetdiag.xml
[2016/07/16 03:57:43 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\dell owner\Desktop\Shortcut to MiniToolBox.exe.lnk
[2016/07/15 12:08:13 | 000,000,680 | ---- | C] () -- C:\Documents and Settings\dell owner\Desktop\Shortcut to aswmbr(1).exe.lnk
[2016/07/14 21:48:46 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\dell owner\Desktop\Shortcut to Tcpview.exe.lnk
[2016/07/14 18:50:45 | 000,000,741 | ---- | C] () -- C:\Documents and Settings\dell owner\Desktop\Shortcut to avastclear.exe.lnk
[2016/07/14 12:56:14 | 267,534,336 | -HS- | C] () -- C:\hiberfil.sys
[2016/07/14 12:21:28 | 000,000,973 | ---- | C] () -- C:\Documents and Settings\dell owner\Desktop\Shortcut to avastclear(4).exe.lnk
[2016/07/14 12:19:29 | 000,000,973 | ---- | C] () -- C:\Documents and Settings\dell owner\Desktop\Shortcut to avastclear(3).exe.lnk
[2016/07/14 10:15:28 | 000,000,756 | ---- | C] () -- C:\Documents and Settings\dell owner\Desktop\Shortcut to avastclear(2).exe.lnk
[2016/07/13 13:11:37 | 000,000,973 | ---- | C] () -- C:\Documents and Settings\dell owner\Desktop\Shortcut to tdsskiller(1).exe.lnk
[2016/07/11 02:58:25 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\default_user_class.dat
[2016/07/10 00:46:13 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\dell owner\Desktop\Shortcut to VEW.exe.lnk
[2016/07/08 12:28:17 | 000,001,819 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome.lnk
[2016/07/08 12:28:16 | 000,001,831 | ---- | C] () -- C:\Documents and Settings\dell owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2016/07/08 12:28:12 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2016/07/08 12:19:48 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2016/07/08 12:19:47 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2016/07/07 11:17:08 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2016/07/05 17:37:35 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\dell owner\Application Data\Microsoft\Internet Explorer\Quick Launch\K-Meleon.lnk
[2016/07/05 17:37:35 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\K-Meleon.lnk
[2016/07/05 17:37:28 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\K-Meleon.lnk
[2016/07/04 11:23:56 | 000,013,690 | ---- | C] () -- C:\Documents and Settings\dell owner\My Documents\address rdram.odt
[2015/08/18 17:36:45 | 000,209,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2015/08/18 17:36:43 | 000,049,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2015/08/18 17:36:41 | 000,024,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswHwid.sys
[2014/04/16 15:00:27 | 000,044,991 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1397656736.bdinstall.bin
[2013/03/07 19:52:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\dell owner\GoToAssistDownloadHelper.exe
[2012/07/18 20:18:07 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\SMRResults300.dat
[2012/07/12 12:10:20 | 000,033,758 | ---- | C] () -- C:\Documents and Settings\dell owner\Local Settings\Application Data\dt.dat
 
========== ZeroAccess Check ==========
 
[2012/04/13 14:32:17 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/06/23 16:38:34 | 001,494,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2004/08/04 11:00:00 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2004/08/04 11:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Custom Scans ==========
 
< MD5 for: DOT3SVC.DLL  >
[2008/04/14 08:00:00 | 000,132,096 | ---- | M] (Microsoft Corporation) MD5=0F0F6E687E5E15579EF4DA8DD6945814 -- C:\WINDOWS\system32\dllcache\dot3svc.dll
[2008/04/14 08:00:00 | 000,132,096 | ---- | M] (Microsoft Corporation) MD5=0F0F6E687E5E15579EF4DA8DD6945814 -- C:\WINDOWS\system32\dot3svc.dll
 
< MD5 for: KERNEL32.DLL  >
[2004/08/04 11:00:00 | 000,983,552 | ---- | M] (Microsoft Corporation) MD5=888190E31455FAD793312F8D087146EB -- C:\WINDOWS\system32\dllcache\kernel32.dll
[2004/08/04 11:00:00 | 000,983,552 | ---- | M] (Microsoft Corporation) MD5=888190E31455FAD793312F8D087146EB -- C:\WINDOWS\system32\kernel32.dll
[2009/03/21 15:18:57 | 000,986,112 | ---- | M] (Microsoft Corporation) MD5=B6ACAED7588295129791E0E6A2B0FADE -- C:\WINDOWS\$NtServicePackUninstall$\kernel32.dll
[2016/07/22 14:31:51 | 000,781,878 | ---- | M] () MD5=E65A62549A3069D6D61434FB7202E134 -- C:\Documents and Settings\dell owner\My Documents\My Pictures\kernel32.dll
 
< MD5 for: KMSVC.DLL  >
[2008/04/14 08:00:00 | 000,061,440 | ---- | M] (Microsoft Corporation) MD5=8878BD685E490239777BFE51320B88E9 -- C:\WINDOWS\system32\dllcache\kmsvc.dll
[2008/04/14 08:00:00 | 000,061,440 | ---- | M] (Microsoft Corporation) MD5=8878BD685E490239777BFE51320B88E9 -- C:\WINDOWS\system32\kmsvc.dll
 
< MD5 for: NAPMONTR.DLL  >
[2008/04/14 08:00:00 | 000,193,024 | ---- | M] (Microsoft Corporation) MD5=5099188F965E8C3DA76281E9CBCB0E7F -- C:\WINDOWS\system32\dllcache\napmontr.dll
[2008/04/14 08:00:00 | 000,193,024 | ---- | M] (Microsoft Corporation) MD5=5099188F965E8C3DA76281E9CBCB0E7F -- C:\WINDOWS\system32\napmontr.dll
 
< MD5 for: QAGENTRT.DLL  >
[2008/04/14 08:00:00 | 000,291,328 | ---- | M] (Microsoft Corporation) MD5=0102140028FAD045756796E1C685D695 -- C:\WINDOWS\system32\dllcache\qagentrt.dll
[2008/04/14 08:00:00 | 000,291,328 | ---- | M] (Microsoft Corporation) MD5=0102140028FAD045756796E1C685D695 -- C:\WINDOWS\system32\qagentrt.dll
 
< MD5 for: SFC.DLL  >
[2004/08/04 11:00:00 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=E8A12A12EA9088B4327D49EDCA3ADD3E -- C:\WINDOWS\$NtServicePackUninstall$\sfc.dll
[2004/08/04 11:00:00 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=E8A12A12EA9088B4327D49EDCA3ADD3E -- C:\WINDOWS\system32\dllcache\sfc.dll
[2004/08/04 11:00:00 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=E8A12A12EA9088B4327D49EDCA3ADD3E -- C:\WINDOWS\system32\sfc.dll
 
< MD5 for: SFC.EXE  >
[2004/08/04 11:00:00 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=18DBCDCAFCD83E3A5646D359DCD03C93 -- C:\WINDOWS\system32\dllcache\sfc.exe
[2004/08/04 11:00:00 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=18DBCDCAFCD83E3A5646D359DCD03C93 -- C:\WINDOWS\system32\sfc.exe
 
< MD5 for: SFC.EXE-35015568.PF  >
[2016/07/17 10:53:42 | 000,012,180 | ---- | M] () MD5=997406F15D06FDD62B97D353E1F7252E -- C:\WINDOWS\Prefetch\SFC.EXE-35015568.pf
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:792D4CF1

< End of report >
 

 

OTL Extras

 

OTL Extras logfile created on: 22/07/2016 19:07:57 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\dell owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
255.07 Mb Total Physical Memory | 42.97 Mb Available Physical Memory | 16.85% Memory free
1002.11 Mb Paging File | 631.34 Mb Available in Paging File | 63.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 768 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 23.43 Gb Free Space | 62.87% Space Free | Partition Type: NTFS
 
Computer Name: OWNER-25721C41B | User Name: dell owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = CryptoPreventCPL] -- "C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" *"%1" %*
.html [@ = FirefoxHTML] -- C:\Program Files\K-Meleon\k-meleon.exe (http://kmeleonbrowser.org/)
.pif [@ = CryptoPreventPIF] -- "C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" *"%1" %*
.scr [@ = CryptoPreventSCR] -- "C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" "%1" /S %*
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Documents and Settings\dell owner\My Documents\Downloads\FirefoxPortableESR\App\Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Documents and Settings\dell owner\My Documents\Downloads\FirefoxPortableESR\App\Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\WINDOWS\network diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe:*:Enabled:Network Diagnostic for Windows XP -- (Microsoft Corporation)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83218091F0}" = Java 8 Update 91
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1" = CryptoPrevent v5.2.2
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7D15B945-2725-4443-AB3F-D900556612FE}" = User Profile Hive Cleanup Service
"{9984DF60-1C5B-11D3-ACA1-908A4FC10801}" = Intel Ultra ATA Storage Driver
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A6EE99EA-420C-4FA6-8A7C-FDB60D278855}" = VS10RuntimeWin32
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.08)
"{C0DA129B-1E45-494D-A362-5CD0109C306B}" = WOT for Internet Explorer
"{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}" = System Requirements Lab for Intel
"{C87EF11D-36E9-479D-9898-7541EA1E8A6A}" = OpenOffice 4.1.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"Adobe Flash Player NPAPI" = Adobe Flash Player 22 NPAPI
"Avast" = Avast Free Antivirus
"Belarc Advisor" = Belarc Advisor 8.4
"ERUNT_is1" = ERUNT 1.1j
"Google Chrome" = Google Chrome
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"KeyFinder_is1" = Magical Jelly Bean KeyFinder
"K-Meleon 75.0 (x86 en-US)" = K-Meleon 75.0 (x86 en-US)
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.2.1.1043
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox 24.8.1 (x86 en-GB)" = Mozilla Firefox 24.8.1 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NirSoft BlueScreenView" = NirSoft BlueScreenView
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Process_Hacker2_is1" = Process Hacker 2.36 (r6153)
"Speccy" = Speccy
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 20/07/2016 18:58:17 | Computer Name = OWNER-25721C41B | Source = Application Error | ID = 1000
Description = Faulting application webkit2webprocess.exe, version 7534.57.2.4, faulting
 module unknown, version 0.0.0.0, fault address 0x6fee9522.
 
Error - 21/07/2016 17:13:34 | Computer Name = OWNER-25721C41B | Source = Application Error | ID = 1000
Description = Faulting application webkit2webprocess.exe, version 7534.57.2.4, faulting
 module unknown, version 0.0.0.0, fault address 0x6fee9522.
 
[ System Events ]
Error - 21/07/2016 17:05:55 | Computer Name = OWNER-25721C41B | Source = ACPI | ID = 327684
Description = AMLI: ACPI BIOS is attempting to read from an illegal IO port address
 (0x71), which lies in the 0x70 - 0x71 protected  address range. This could lead to
 system instability. Please contact your system vendor for technical assistance.
 
Error - 21/07/2016 17:22:10 | Computer Name = OWNER-25721C41B | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
   %%126
 
Error - 21/07/2016 17:22:11 | Computer Name = OWNER-25721C41B | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
   %%126
 
Error - 21/07/2016 17:22:11 | Computer Name = OWNER-25721C41B | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
   %%126
 
Error - 21/07/2016 17:22:11 | Computer Name = OWNER-25721C41B | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
   %%126
 
Error - 21/07/2016 17:22:11 | Computer Name = OWNER-25721C41B | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
   %%126
 
Error - 22/07/2016 05:07:08 | Computer Name = OWNER-25721C41B | Source = ACPI | ID = 327685
Description = AMLI: ACPI BIOS is attempting to write to an illegal IO port address
 (0x70), which lies in the 0x70 - 0x71 protected  address range. This could lead to
 system instability. Please contact your system vendor for technical assistance.
 
Error - 22/07/2016 05:07:08 | Computer Name = OWNER-25721C41B | Source = ACPI | ID = 327684
Description = AMLI: ACPI BIOS is attempting to read from an illegal IO port address
 (0x71), which lies in the 0x70 - 0x71 protected  address range. This could lead to
 system instability. Please contact your system vendor for technical assistance.
 
Error - 22/07/2016 12:32:01 | Computer Name = OWNER-25721C41B | Source = ACPI | ID = 327685
Description = AMLI: ACPI BIOS is attempting to write to an illegal IO port address
 (0x70), which lies in the 0x70 - 0x71 protected  address range. This could lead to
 system instability. Please contact your system vendor for technical assistance.
 
Error - 22/07/2016 12:32:01 | Computer Name = OWNER-25721C41B | Source = ACPI | ID = 327684
Description = AMLI: ACPI BIOS is attempting to read from an illegal IO port address
 (0x71), which lies in the 0x70 - 0x71 protected  address range. This could lead to
 system instability. Please contact your system vendor for technical assistance.
 
 
< End of report >
 


  • 0

#80
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
[2004/08/04 11:00:00 | 000,983,552 | ---- | M] (Microsoft Corporation) MD5=888190E31455FAD793312F8D087146EB -- C:\WINDOWS\system32\dllcache\kernel32.dll
[2004/08/04 11:00:00 | 000,983,552 | ---- | M] (Microsoft Corporation) MD5=888190E31455FAD793312F8D087146EB -- C:\WINDOWS\system32\kernel32.dll
[2009/03/21 15:18:57 | 000,986,112 | ---- | M] (Microsoft Corporation) MD5=B6ACAED7588295129791E0E6A2B0FADE -- C:\WINDOWS\$NtServicePackUninstall$\kernel32.dll

 

 

You do have a newer kernel32.dll file.  We can try to use it.

 

 

 
Download the attached fixlist.txt to the same location as FRST
 
Attached File  fixlist.txt   414bytes   25 downloads
 
Run FRST and press Fix.  It will need to reboot.
A fix log will be generated; please post that.
 
Then run OTL again with the same:
 
/md5start
kernel32.dll
QUtil.dll 
kmsvc.dll
sfc.*
dot3svc.dll
napmontr.dll
qagentrt.dll
/md5stop
 
You will only get one log.  Please post it.
 
I'm thinking since you have an XP SP3 disk that a Repair Install may be the way to go.  
 
Repair Install

Step 1

Insert the Windows XP SP3 CD into the disc drive. Restart the computer.

Step 2

Press a key on the keyboard when the message "Press Any Key to Boot From CD" appears on the screen.

Step 3

Press "Enter" again to continue. Read the Windows XP licensing agreement.

Step 4

Press "F8" to agree to the terms. Use the cursor keys to select your Windows XP installation from the list, if applicable.

Step 5

Press "R" to reinstall the operating system. Follow the onscreen instructions to set up Windows XP SP3 following installation.

 

 

You may want to clean the disk first:
 
 
They recommend using distilled water instead of tap water.  For really bad CDs you can actually use toothpaste:
 
 

 


  • 1
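Added example, not part of the thread and not OTL's own code: the copy comparison done by eye in post #80, written as a small Python parser over `/md5start` lines copied from the log above. The line format is inferred from those lines, and the checks (a copy outside `C:\WINDOWS`, a copy with no company name, a `system32` copy that differs from `dllcache`, a company-labelled copy newer than the live `system32` one) are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from typing import NamedTuple

# Lines copied from the "Custom Scans" section of the OTL log posted in the thread.
LOG = r"""
< MD5 for: KERNEL32.DLL  >
[2004/08/04 11:00:00 | 000,983,552 | ---- | M] (Microsoft Corporation) MD5=888190E31455FAD793312F8D087146EB -- C:\WINDOWS\system32\dllcache\kernel32.dll
[2004/08/04 11:00:00 | 000,983,552 | ---- | M] (Microsoft Corporation) MD5=888190E31455FAD793312F8D087146EB -- C:\WINDOWS\system32\kernel32.dll
[2009/03/21 15:18:57 | 000,986,112 | ---- | M] (Microsoft Corporation) MD5=B6ACAED7588295129791E0E6A2B0FADE -- C:\WINDOWS\$NtServicePackUninstall$\kernel32.dll
[2016/07/22 14:31:51 | 000,781,878 | ---- | M] () MD5=E65A62549A3069D6D61434FB7202E134 -- C:\Documents and Settings\dell owner\My Documents\My Pictures\kernel32.dll

< MD5 for: SFC.DLL  >
[2004/08/04 11:00:00 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=E8A12A12EA9088B4327D49EDCA3ADD3E -- C:\WINDOWS\$NtServicePackUninstall$\sfc.dll
[2004/08/04 11:00:00 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=E8A12A12EA9088B4327D49EDCA3ADD3E -- C:\WINDOWS\system32\dllcache\sfc.dll
[2004/08/04 11:00:00 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=E8A12A12EA9088B4327D49EDCA3ADD3E -- C:\WINDOWS\system32\sfc.dll
"""

# Assumed line layout: [modified | size | attributes | M] (company) MD5=<hex> -- path
LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r".{4} \| [MC]\] \((?P<company>.*?)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)

SYSTEM_ROOT = "c:\\windows\\"
LIVE = SYSTEM_ROOT + "system32\\"
CACHE = LIVE + "dllcache\\"


class Entry(NamedTuple):
    modified: datetime
    size: int
    company: str
    md5: str
    path: str


def parse(log):
    """Group the MD5 scan lines by lower-cased file name."""
    groups = defaultdict(list)
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # section headers and blank lines
        entry = Entry(
            datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            int(m["size"].replace(",", "")),
            m["company"],
            m["md5"].upper(),
            m["path"],
        )
        groups[entry.path.rsplit("\\", 1)[-1].lower()].append(entry)
    return dict(groups)


def review(entries):
    """Return (finding, path) pairs for one file name's copies."""
    findings = []
    live = cache = None
    for e in entries:
        p = e.path.lower()
        folder = p.rsplit("\\", 1)[0] + "\\"
        if folder == LIVE:
            live = e
        elif folder == CACHE:
            cache = e
        if not p.startswith(SYSTEM_ROOT):
            findings.append(("outside-systemroot", e.path))
        if not e.company:
            findings.append(("no-company-name", e.path))
    # The dllcache copy is the protected backup of the live file; they should match.
    if live and cache and live.md5 != cache.md5:
        findings.append(("live-differs-from-dllcache", live.path))
    # A company-labelled copy under C:\WINDOWS that is newer than the live one
    # is a candidate replacement, as with the $NtServicePackUninstall$ copy here.
    if live:
        for e in entries:
            if (e.path.lower().startswith(SYSTEM_ROOT) and e.company
                    and e.md5 != live.md5 and e.modified > live.modified):
                findings.append(("newer-copy-than-live", e.path))
    return findings


if __name__ == "__main__":
    for name, entries in parse(LOG).items():
        for finding, path in review(entries):
            print(f"{name}: {finding}: {path}")
```

A newer modified time only suggests a later build; the File Version on the Details tab, which the thread checks first, is what confirms it.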

#81
scarlet.rose

    Member

  • Topic Starter
  • Member
  • 270 posts

Thank you for the very useful information.

 

I will attempt a repair installation.

 

I am busy for the week or so ahead, need to do it at a time when I am free and can deal with any problems that may arise......for example be able to go to my local library and use their computer to contact you if necessary. Need to back up some more documents and some important information in my emails, in case something goes wrong and I can't access them from home.

 

I am wondering......if something were to go wrong half way through a repair installation, is it too late to go back - would the previous XP SP3 files already have been deleted?

 

Or is it like System Restore, where if there is a problem half way through, you get a 'Cannot restore to' notice and the system stays as it was?

 

Knowing what to expect makes me feel a little less apprehensive.

 

I am assuming that the computer gets loaded with all new dll files during a repair installation? Appreciate you arranging it, but may I leave the kernel32.dll file fix or have I got that wrong / do you think I shouldn't?


Edited by scarlet.rose, 23 July 2016 - 06:17 AM.

  • 0

#82
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

Normally there is no problem with a repair install, especially with an Intel-based PC, which you have.  I'm not sure what happens if the install fails, so it's wise to be prepared.

 

If you are going to do the repair install then don't bother with the kernel32.dll replacement.  


  • 1

#83
scarlet.rose

    Member

  • Topic Starter
  • Member
  • 270 posts

Ok :)

 

Please keep the topic open, may be a short time away, but I will report back to you for sure.

 

I hope with good news!


  • 0

#84
scarlet.rose

    Member

  • Topic Starter
  • Member
  • 270 posts

I have IE 8.

Have read these articles >>

 

"One of the biggest causes of a Windows XP repair install failing to work properly is to do with which version of Internet Explorer you have installed."

https://www.raymond....air-windows-xp/

"Before you perform a repair installation of Microsoft Windows XP, you must uninstall Windows Internet Explorer 7 or Windows Internet Explorer 8 from the Windows XP-based computer. To resolve this issue, uninstall the later version of Internet Explorer from the computer, and then install Internet Explorer 6. After Windows XP is repaired, you can reinstall the later version of Internet Explorer."

https://support.micr...en-gb/kb/917964

 

Let's hope I can uninstall IE 8 normally through Add / Remove Programs (although there is another way to do it I'd rather not).

Really don't want to install IE 6; do I have to? In one article it says to do that, but the other doesn't mention it.

Where should I download IE 6 from if I do, please?

"Repairing your Windows XP will remove any Windows updates you have previously installed and also the system drivers will be reverted back to the original XP versions. Some Windows XP settings might also be reset to their defaults. It’s a good idea to try and make sure you have any needed drivers to hand..."

I copied all my drivers to DoubleDriver and this onto a USB Flash Drive. Is that enough?

What will happen to the video driver, will it get changed?

 

Limited knowledge with regards to drivers and unsure as to what ones I will have to deal with.

 

Afraid.


Edited by scarlet.rose, 23 July 2016 - 01:21 PM.

  • 0

#85
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

I'm thinking that applies if you have XP SP3 and you use XP without any SP to repair from, but if you want to uninstall IE first it won't hurt.  I do like the idea of installing the Recovery Console.  

 

It's possible the video driver will get changed.  


  • 1

#86
scarlet.rose

    Member

  • Topic Starter
  • Member
  • 270 posts

Would I need to install IE 6 afterwards - if so where from please, where is best?

 

Update - Think I do need to, to test it afterwards before reinstalling IE 8.

 

I assume if you don't have a video driver the screen is black? Long as I am left with a video driver.

 

Installing the Recovery Console - would need to look into that, don't know anything about it.


Edited by scarlet.rose, 23 July 2016 - 01:39 PM.

  • 0

#87
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

I think you can jump directly to IE8.  http://filehippo.com...net_explorer_xp

If you really want IE 6 you can get it:

http://filehippo.com...xplorer_xp/317/

 

Without a video driver it usually reverts back to the Low Resolution VGA driver like you see when you boot into Safe Mode.  While ugly it doesn't really hurt anything or keep you from installing a new video driver.

 

Here is how to install the recovery console:  https://support.micr...en-gb/kb/307654


  • 1

#88
scarlet.rose

    Member

  • Topic Starter
  • Member
  • 270 posts

"Without a video driver it usually reverts back to the Low Resolution VGA driver like you see when you boot into Safe Mode.  While ugly it doesn't really hurt anything or keep you from installing a new video driver."

 

That's reassuring to know. Was a fear I had when I changed the video driver back in 2014, that I might end up with a black screen.

 

Had so many difficulties with my computer, I now expect there to be problems whenever I attempt to make changes!

 

Computers are so complex....

 

Thanks very much for the information and for making this easier for me.


  • 0

#89
scarlet.rose

    Member

  • Topic Starter
  • Member
  • 270 posts

I have a concern......want to check with you.

 

Been reading stories of users having their license keys rejected during reinstallation / repair of Windows and that it is vital the CD you use isn't mismatched to the type of license you have.

 

A PC World technician cleanly installed the OS I currently have on my computer; it is a genuine copy but he used his own CD because I did not have one at the time.

 

Although I know what the license key is, I was subsequently told some time ago by someone else that it may be a volume license.

 

Is there a way to find out please?

 

According to this article I cannot use the COA licence key that came with the brand new XP SP3 Home Edition CD that I bought:

 

"You also need the license key that came with your Windows XP. And I mean the exact same license key that was used to set up Windows XP on your computer. You cannot change license key during this process and if you do not have the correct key, you will end up with a half-baked setup process and unusable computer."

 

https://www.winhelp....windows-xp.html

 

Before reading this, I did buy another brand new XP SP3 Home Edition CD "For refurbished PCs" (best I could find) in case there are any problems with the other one that I have, which has: "Licensed for distribution only with a new PC" written on it.

 

Confused......bearing possible mismatched CD / license key in mind, which one should I try? Afraid of being locked out.


Edited by scarlet.rose, 28 July 2016 - 05:10 AM.

  • 0

#90
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

http://www.windowsne...Activation.html


  • 1





