Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Spybot scan: Are these items malicious?


  • Please log in to reply
10 replies to this topic

#1 Tom6killer

Tom6killer

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Saint Louis, MO
  • Local time:08:28 AM

Posted 16 June 2015 - 11:27 AM

Spy bot found the following. This was a rootkit scan. 3 items found 

 

Type: Folder
Object: DATA
Location: C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\
Details: No admin in ACL
 
Type: Key
Object: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}
Location: HKLM\SOFTWARE\NOS\
Details: No admin in ACL
 
Type: Key
Object: NOS
Location: HKLM\SOFTWARE\
Details: No admin in ACL
 
Are these malicious?

 

thanks

 

Ran TDSSKiller - nothing found

Ran Rkill - pasted the following. 

 

kill 2.6.6 by Lawrence Abrams (Grinler)
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 06/16/2015 11:45:25 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Reparse Point/Junctions Found (Most likely legitimate)!
 
     * C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * C:\WINDOWS\System32\drivers\mqac.sys : 91,776 : 06/22/2009 06:48 AM : eee50bf24caeedb515a8f3b22756d3bb [NoSig]
 +-> C:\WINDOWS\$hf_mig$\KB971032\SP2QFE\mqac.sys : 91,776 : 06/22/2009 06:30 AM : 9229e191fe206628be17d1e67a5faed9 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\mqac.sys : 92,544 : 04/13/2008 01:39 PM : 70c14f5cca5cf73f8a645c73a01d8726 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\mqac.sys : 91,776 : 06/22/2009 06:48 AM : eee50bf24caeedb515a8f3b22756d3bb [Pos Repl]
 
Checking HOSTS File: 
 
 * Cannot edit the HOSTS file.
 * Permissions Fixed. Administrators can now edit the HOSTS file.
 
 * HOSTS file entries found: 
 
  127.0.0.1 localhost
  127.0.0.1 www.007guard.com
  127.0.0.1 007guard.com
  127.0.0.1 008i.com
  127.0.0.1 www.008k.com
  127.0.0.1 008k.com
  127.0.0.1 www.00hq.com
  127.0.0.1 00hq.com
  127.0.0.1 010402.com
  127.0.0.1 www.032439.com
  127.0.0.1 032439.com
  127.0.0.1 www.0scan.com
  127.0.0.1 0scan.com
  127.0.0.1 1000gratisproben.com
  127.0.0.1 www.1000gratisproben.com
  127.0.0.1 1001namen.com
  127.0.0.1 www.1001namen.com
  127.0.0.1 100888290cs.com
  127.0.0.1 www.100888290cs.com
  127.0.0.1 www.100sexlinks.com
 
  20 out of 15494 HOSTS entries shown.
  Please review HOSTS file for further entries.
 
Program finished at: 06/16/2015 11:46:08 AM
Execution time: 0 hours(s), 0 minute(s), and 43 seco
 
ran ESET online scanner:
C:\Documents and Settings\All Users\Application Data\Adobe\AIH.536a7771870e1f703220d30f5eb40da189244e35\GTB.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
 
C:\Documents and Settings\Tom\My Documents\Downloads\CCleaner_TSV3921WD\55bc08e32879a3de7386a2695d668304_ccsetup413.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
 
Thanks for taking a look. 
Virus Total scan of requested file: 
HA256: 8a647730b65aedb822b498ecc214da78c14df548b7fc68cc5f6c732eab6f54a4 File name: mqac.sys Detection ratio: 0 / 57 Analysis date: 2015-02-18 12:13:28 UTC ( 3 months, 4 weeks ago )
  Trusted source! This file belongs to the Microsoft Corporation software catalogue.
 
The scan said that this file was scanned before. I was confused on that one. I never been to the site before. 
 File identification
MD5 eee50bf24caeedb515a8f3b22756d3bb
SHA1 a8df29cc8cde7a2f6ab9af9e8a01057d6542f154
SHA256 8a647730b65aedb822b498ecc214da78c14df548b7fc68cc5f6c732eab6f54a4
ssdeep
1536:3HhCEa5yjjwn2GrRiDxdvXdF4xwVgADXWOcFaPnKKd6KpSzklHBr:XhCEa5yjjw7eZF4xfIXWpaPKKdlSzqH
authentihash  d1001ac23e0aa64c73d87c9d1fae3dbbe6661e273cd3fe53f388956505f1668b
imphash  6ecd283e78378d56fd784100ef2a2f71
File size 89.6 KB ( 91776 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (native) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
 

What started my inquiry was an alert i received saying my system was infected call Microsoft and it gave a 800 number. I do have malware bytes and ran it. Found PUP.CONDUIT something something. Did removal. So I started using my other tools to see what else may be a problem. Did another Malware scan and found PUP again. Removed again. So I started using my other tools to see what else may be a problem Ran all the other tools in the order described above. i would upload my screen shot, however i cant seem to figure out how. 


Edited by Tom6killer, 16 June 2015 - 09:47 PM.


BC AdBot (Login to Remove)

 


#2 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:02:28 PM

Posted 16 June 2015 - 12:17 PM

Hi there,

Those entries that you mentioned do not appear malicious.

Type: Folder
Object: DATA
Location: C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\
Details: No admin in ACL

Type: Key
Object: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}
Location: HKLM\SOFTWARE\NOS\
Details: No admin in ACL

Type: Key
Object: NOS
Location: HKLM\SOFTWARE\
Details: No admin in ACL

This just means Spybot found that those keys lack permissions. This may or may not be malicious (some keys do not have permissions, and they should remain so). Since TDSSKiller found nothing I'd say it is ok to leave them be.

* C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]

This is legit.

Searching for Missing Digital Signatures:

* C:\WINDOWS\System32\drivers\mqac.sys : 91,776 : 06/22/2009 06:48 AM : eee50bf24caeedb515a8f3b22756d3bb [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB971032\SP2QFE\mqac.sys : 91,776 : 06/22/2009 06:30 AM : 9229e191fe206628be17d1e67a5faed9 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\mqac.sys : 92,544 : 04/13/2008 01:39 PM : 70c14f5cca5cf73f8a645c73a01d8726 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\mqac.sys : 91,776 : 06/22/2009 06:48 AM : eee50bf24caeedb515a8f3b22756d3bb [Pos Repl]

Can you find and upload this file to VirusTotal? After that copy and paste the result link here.
C:\WINDOWS\System32\drivers\mqac.sys
As for the Hosts file, that's ok. Those entries are added by Spybot S&D's Immunize feature to prevent you from accessing malicious sites.

On a side note, Spybot Search & Destroy is no longer recommended due to its poor performance. There are two better alternatives: Emsisoft Anti-Malware and Malwarebytes Anti-Malware.

Regards,
Alex

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:28 AM

Posted 16 June 2015 - 09:13 PM

Rkill will display the first 20 valid entries in the HOSTS file which sometimes is altered (modified) by malware infection. Rkill will also check the permissions on the HOSTS file and reset them if the administrator does not have proper permissions. Modification of this file does not necessarily mean your system is infected since some legitimate security programs and custom HOSTS files can also add numerous entries.

As noted by Alexstrasza, Spybot S&D offers four levels of protection to include...Immunization, Resident SDHelper, TeaTimer, Hosts file protection (adding entries).

If you used Spybot's immunization feature, the "Global (Hosts)" profile typical adds about 15493 entries to the HOSTS file starting with 127.0.0.1. If you open the Hosts file, the note at the top and bottom will show the entries were inserted by Spybot:
# Start of entries inserted by Spybot - Search & Destroy
# This list is Copyright 2000-2008 Safer Networking Limited
127.0.0.1	007guard.com
127.0.0.1	www.007guard.com
127.0.0.1	008i.com
127.0.0.1	008k.com
127.0.0.1	www.008k.com
127.0.0.1	00hq.com
127.0.0.1	www.00hq.com
127.0.0.1 	legal-at-spybot.info
127.0.0.1 	www.legal-at-spybot.info
127.0.0.1...
# This list is Copyright 2000-2007 Safer Networking Limited
# End of entries inserted by Spybot - Search & Destroy
If you perform an "Undo" via the Immunize button on the Spybot main screen, the entries Spybot added should be removed.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 Tom6killer

Tom6killer
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Saint Louis, MO
  • Local time:08:28 AM

Posted 16 June 2015 - 09:48 PM

Hi there,

Those entries that you mentioned do not appear malicious.

Type: Folder
Object: DATA
Location: C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\
Details: No admin in ACL

Type: Key
Object: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}
Location: HKLM\SOFTWARE\NOS\
Details: No admin in ACL

Type: Key
Object: NOS
Location: HKLM\SOFTWARE\
Details: No admin in ACL

This just means Spybot found that those keys lack permissions. This may or may not be malicious (some keys do not have permissions, and they should remain so). Since TDSSKiller found nothing I'd say it is ok to leave them be.

* C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]

This is legit.

Searching for Missing Digital Signatures:

* C:\WINDOWS\System32\drivers\mqac.sys : 91,776 : 06/22/2009 06:48 AM : eee50bf24caeedb515a8f3b22756d3bb [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB971032\SP2QFE\mqac.sys : 91,776 : 06/22/2009 06:30 AM : 9229e191fe206628be17d1e67a5faed9 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\mqac.sys : 92,544 : 04/13/2008 01:39 PM : 70c14f5cca5cf73f8a645c73a01d8726 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\mqac.sys : 91,776 : 06/22/2009 06:48 AM : eee50bf24caeedb515a8f3b22756d3bb [Pos Repl]

Can you find and upload this file to VirusTotal? After that copy and paste the result link here.   

 

Thanks for taking a look. 
Virus Total scan of requested file: 
HA256: 8a647730b65aedb822b498ecc214da78c14df548b7fc68cc5f6c732eab6f54a4 File name: mqac.sys Detection ratio: 0 / 57 Analysis date: 2015-02-18 12:13:28 UTC ( 3 months, 4 weeks ago )
  Trusted source! This file belongs to the Microsoft Corporation software catalogue.
 
The scan said that this file was scanned before. I was confused on that one. I never been to the site before. 
 File identification
MD5 eee50bf24caeedb515a8f3b22756d3bb
SHA1 a8df29cc8cde7a2f6ab9af9e8a01057d6542f154
SHA256 8a647730b65aedb822b498ecc214da78c14df548b7fc68cc5f6c732eab6f54a4
ssdeep
1536:3HhCEa5yjjwn2GrRiDxdvXdF4xwVgADXWOcFaPnKKd6KpSzklHBr:XhCEa5yjjw7eZF4xfIXWpaPKKdlSzqH
authentihash  d1001ac23e0aa64c73d87c9d1fae3dbbe6661e273cd3fe53f388956505f1668b
imphash  6ecd283e78378d56fd784100ef2a2f71
File size 89.6 KB ( 91776 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (native) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
 

What started my inquiry was an alert i received saying my system was infected call Microsoft and it gave a 800 number. I do have malware bytes and ran it. Found PUP.CONDUIT something something. Did removal. So I started using my other tools to see what else may be a problem. Did another Malware scan and found PUP again. Removed again. So I started using my other tools to see what else may be a problem Ran all the other tools in the order described above. i would upload my screen shot, however i cant seem to figure out how. 

C:\WINDOWS\System32\drivers\mqac.sys
As for the Hosts file, that's ok. Those entries are added by Spybot S&D's Immunize feature to prevent you from accessing malicious sites.

On a side note, Spybot Search & Destroy is no longer recommended due to its poor performance. There are two better alternatives: Emsisoft Anti-Malware and Malwarebytes Anti-Malware.

Regards,
Alex

 

Still working on full reply - this is just notes

Ran Malwarebytes again

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 6/17/2015
Scan Time: 5:14:20 AM
Logfile: 
Administrator: Yes
 
Version: 0.00.0.0000
Malware Database: v2015.06.17.02
Rootkit Database: v2015.06.15.01
License: Premium
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Tom
 
Scan Type: Hyper Scan
Result: Completed
Objects Scanned: 350238
Time Elapsed: 6 min, 14 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Disabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Non Malware found - 1 item
PUP.Optional.conduitTB.Gen   --- location -- HKLM\software\microsoft\windows\currentversion
uninstall/conduitengine
 
i ignored it. 
 
This is an old system - Windows XP Professional, Version 2002, Service Pack 3

Edited by Tom6killer, 17 June 2015 - 11:48 AM.


#5 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:02:28 PM

Posted 17 June 2015 - 01:10 AM

Hi there,

What started my inquiry was an alert i received saying my system was infected call Microsoft and it gave a 800 number. I do have malware bytes and ran it. Found PUP.CONDUIT something something. Did removal. So I started using my other tools to see what else may be a problem. Did another Malware scan and found PUP again. Removed again. So I started using my other tools to see what else may be a problem Ran all the other tools in the order described above. i would upload my screen shot, however i cant seem to figure out how.

That sounds like one of those fake alert popups that are used to lure you into tech support scams - this does not necessary mean that your computer is infected (if it does it's more like a coincidence than anything). From the detections that Malwarebytes found I'd say it's just some PUP leftovers.

The scan said that this file was scanned before. I was confused on that one. I never been to the site before.

It just means that someone has scanned the file before - not necessarily you. :)

If the MD5 hash of a submitted file is found in the VT database then it offers you the choice to view the previous analysis, or start the analysis anew. In this case the file appears to be clean.

Since Rkill detected that this file is unsigned although it is clean, there is a chance that your catalog files are corrupt.

Please open an elevated Command Prompt (Windows 7 here, Windows 8 here), type in sfc /scannow and press Enter. Let me know the results (whether it found corrupted files or not).

Regards,
Alex

#6 Tom6killer

Tom6killer
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Saint Louis, MO
  • Local time:08:28 AM

Posted 23 June 2015 - 01:17 PM

Hi there,

What started my inquiry was an alert i received saying my system was infected call Microsoft and it gave a 800 number. I do have malware bytes and ran it. Found PUP.CONDUIT something something. Did removal. So I started using my other tools to see what else may be a problem. Did another Malware scan and found PUP again. Removed again. So I started using my other tools to see what else may be a problem Ran all the other tools in the order described above. i would upload my screen shot, however i cant seem to figure out how.

That sounds like one of those fake alert popups that are used to lure you into tech support scams - this does not necessary mean that your computer is infected (if it does it's more like a coincidence than anything). From the detections that Malwarebytes found I'd say it's just some PUP leftovers.

The scan said that this file was scanned before. I was confused on that one. I never been to the site before.

It just means that someone has scanned the file before - not necessarily you. :)

If the MD5 hash of a submitted file is found in the VT database then it offers you the choice to view the previous analysis, or start the analysis anew. In this case the file appears to be clean.

Since Rkill detected that this file is unsigned although it is clean, there is a chance that your catalog files are corrupt.

Please open an elevated Command Prompt (Windows 7 here, Windows 8 here), type in sfc /scannow and press Enter. Let me know the results (whether it found corrupted files or not).

Regards,
Alex

 

This is an old system - Windows XP Professional, Version 2002, Service Pack 3

I am not sure how to follow your last request of : open elevated command prompt. Please advise. 

 

Update since last communication.  My concern was something malicious I could not find. 

Ran Malwarebytes again

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 6/17/2015
Scan Time: 5:14:20 AM
Logfile: 
Administrator: Yes
Version: 0.00.0.0000
Malware Database: v2015.06.17.02
Rootkit Database: v2015.06.15.01
License: Premium
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Tom
 
Scan Type: Hyper Scan
Result: Completed
Objects Scanned: 350238
Time Elapsed: 6 min, 14 sec
Memory: Enabled
Startup: Enabled
Filesystem: Disabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
 
Non Malware found - 1 item
PUP.Optional.conduitTB.Gen   --- location -- HKLM\software\microsoft\windows\currentversion
uninstall/conduitengine
 
i ignored it. however Malware kept scanning and giving me notifications on this same PUP. So i deleted it. gulp hope that was ok!!
 
I still don't know what to think of this ESET  scan. 
 
an ESET online scanner:
C:\Documents and Settings\All Users\Application Data\Adobe\AIH.536a7771870e1f703220d30f5eb40da189244e35\GTB.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
 
C:\Documents and Settings\Tom\My Documents\Downloads\CCleaner_TSV3921WD\55bc08e32879a3de7386a2695d668304_ccsetup413.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
Any suggestions??
 
i still think you are on to something when it comes to corrupt files. Any other steps to proceed with I am willing to try. I understand this does not look like a critical situation though and if your time is needed elsewhere no worries. thanks for your time. 

Edited by Tom6killer, 23 June 2015 - 01:22 PM.


#7 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:02:28 PM

Posted 23 June 2015 - 02:08 PM

Hello,

Looks like Malwarebytes just found some remnants of Conduit (a search engine hijacker) and ESET Online Scanner found two installers bundled with the Google Toolbar (which it judged as "potentially unsafe application" - applications that are normally benign but can be used for malicious purposes).

I see that you are running Windows XP - in that case you only need to open a Command Prompt. Elevated Command Prompts are only available in Vista and above due to UAC (User Account Control).

Regards,
Alex

#8 Tom6killer

Tom6killer
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Saint Louis, MO
  • Local time:08:28 AM

Posted 24 June 2015 - 07:01 PM

Hello,

Looks like Malwarebytes just found some remnants of Conduit (a search engine hijacker) and ESET Online Scanner found two installers bundled with the Google Toolbar (which it judged as "potentially unsafe application" - applications that are normally benign but can be used for malicious purposes).

I see that you are running Windows XP - in that case you only need to open a Command Prompt. Elevated Command Prompts are only available in Vista and above due to UAC (User Account Control).

Regards,
Alex

Ran sfc/scannow - continually asked for windows disc, which i have no idea where that is, so i kept pressing skip this file. Scan then continued and then nothing. Back to to cmd screen. no report. Normal??



#9 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:02:28 PM

Posted 25 June 2015 - 01:55 AM

If it asks for Windows installation disk which means that there are corrupt files it cannot fix. Unfortunately I do not know how to fix those files, so you will have to seek help in the Windows XP Home and Professional area.

Aside from that, your computer looks clean... there is nothing to worry about.

And finally, please take note that Windows XP support has ended - using XP now is a danger to both your machine and other people due to unpatched vulnerabilities facilitating infections. Due to this I recommend that you upgrade to Windows 7 or 8.1 - or if for some reasons the machine cannot support either OS, then switch to Linux.

Regards,
Alex

#10 Tom6killer

Tom6killer
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Saint Louis, MO
  • Local time:08:28 AM

Posted 25 June 2015 - 05:38 PM

If it asks for Windows installation disk which means that there are corrupt files it cannot fix. Unfortunately I do not know how to fix those files, so you will have to seek help in the Windows XP Home and Professional area.

Aside from that, your computer looks clean... there is nothing to worry about.

And finally, please take note that Windows XP support has ended - using XP now is a danger to both your machine and other people due to unpatched vulnerabilities facilitating infections. Due to this I recommend that you upgrade to Windows 7 or 8.1 - or if for some reasons the machine cannot support either OS, then switch to Linux.

Regards,
Alex

Thank you. A new computer saving for, I am. That's my Yoda. take care



#11 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:02:28 PM

Posted 26 June 2015 - 08:22 AM

You are welcome :)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users