Topic: 8 viruses found, unable to delete.

dl65

  • R.I.P.


  • Prodigy

    Thanked: 18
    Re: 8 viruses found, unable to delete.  
    « Reply #30 on: June 07, 2006, 04:06:16 PM »
    DAVE9999.....  Showtime keeps coming up as bad ...it has to be removed
     ShowWnd.exe - Dangerous
    ShowWnd.exe is Trojan/Backdoor.

    This must be marked for removal .......
    O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe

    mark for removal and click fix ..........

    Reboot ....and then see if ShowWnd is still there ...... Hopefully it's gone .


    dl65  ::)
    If you don't know the answer, it isn't a dumb question.

    DAVE9999

    • Guest
    Re: 8 viruses found, unable to delete.  
    « Reply #31 on: June 08, 2006, 04:03:21 AM »
    Hello dl65.
    Ran CCleaner, 12.3mb deleted.  Read your guide to using the program, that was good.
    Ran "Issues" part of it, fixed 130 reg entries.
    Ran it again and it came up with another 39.  I found it can pay to run it twice.

    Ran Avast Anti Virus in safe mode no infections found.
    But some files corrupted.
    ARC Archive at C:\programfiles.\microsoftworks\1003\wizards\...\.

    And 3 cab archive files in D:\

    D:\preload\data9.01imp\bckgres.dll
    D:\preload\data9.02imp\fxst30.dll
    D:\preload\data9.05inp\imkr61chm

    Is it serious? Does it need fixing/deleting?
    Those corrupted files worry me.

    Wasn't set up to record log file.  Found that out afterwards. Wrote the above down just in case beforehand.

    Also ran Kaspersky online virus scan.

    KASPERSKY ON-LINE SCANNER REPORT  
    Wednesday, June 07, 2006 9:21:55 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky On-line Scanner version: 5.0.78.0
    Kaspersky Anti-Virus database last update: 7/06/2006
    Kaspersky Anti-Virus database records: 199048
     
     
    Scan Settings
    Scan using the following antivirus database extended
    Scan Archives true
    Scan Mail Bases true
     
    Scan Target My Computer
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\  
     
    Scan Statistics
    Total number of scanned objects 50217
    Number of viruses found 3
    Number of infected objects 7
    Number of suspicious objects 0
    Duration of the scan process 00:35:27

    Infected Object Name Virus Name Last Action
    C:\temp\cs_mary.exe/Realtime.dll  Infected: Trojan-Spy.Win32.Delf.fk  skipped  
     
    C:\temp\cs_mary.exe  CreateInstall: infected - 1  skipped  
     
    C:\temp\setup_ares.exe/data0037  Infected: not-a-virus:AdWare.Win32.NavExcel.i  skipped  
     
    C:\temp\setup_ares.exe  NSIS: infected - 1  skipped  
     
    C:\temp\WarezP2P_DLC.exe/stream/data0035  Infected: not-a-virus:AdWare.Win32.NewDotNet  skipped  
     
    C:\temp\WarezP2P_DLC.exe/stream  Infected: not-a-virus:AdWare.Win32.NewDotNet  skipped  
     
    C:\temp\WarezP2P_DLC.exe  NSIS: infected - 2  skipped  
     
    Scan process completed.


    The next one has completely gone since last Kaspersky test 2 days ago.
    C:\System Volume Information\_restore{4A29620B-0973-4CDA-BBC9-4088620A8365}\RP152\A0061781.exe  Infected: Packed.Win32.Tibs  

    Picked up our "Avenger" program, ran it, all the above viruses are in the Avenger.backup.zip.  Ok to leave it there?  It's more of a quarantine type program.  


    And ran Ewido malware 3.5.
    Nothing found.  BUT it took 20 mins instead of usual 45 mins.

    Did hjt log.
    As follows in next two posts.
    Thanks.

    DAVE9999

    • Guest
    Re: 8 viruses found, unable to delete.  
    « Reply #32 on: June 08, 2006, 04:07:02 AM »
    It's those Corrupt files found with the Anti Virus program that you wanted me to run, that worries me.

    Logfile of HijackThis v1.99.1
    Scan saved at 11:04:01, on 08/06/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\ups.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\zHotkey.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Digital Media Reader\shwiconem.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\WebWasher\wwasher.exe
    C:\spywarebegone\SpywareBeGone.exe
    C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
    C:\Program Files\Labtec Wireless Desktop\MulMouse.exe
    C:\Program Files\Labtec Wireless Desktop\OSD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\david marks\My Documents\My Videos\hijackthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
    O4 - HKCU\..\Run: [WebWasher] C:\Program Files\WebWasher\wwasher.exe
    O4 - HKCU\..\Run: [Spyware Begone] "C:\spywarebegone\SpywareBeGone.exe" -FastScan
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
    O4 - Global Startup: Enable Labtec Wireless Desktop.lnk = C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
    O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm

    DAVE9999

    • Guest
    Re: 8 viruses found, unable to delete.  
    « Reply #33 on: June 08, 2006, 04:10:17 AM »
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - https://support.gateway.com/support/profiler//PCPitStop.CAB
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/download/scanner/wlscbase5059.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119829022406
    O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
    O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    Thanks for all your effort, it won't be long before streamed WMP videos can be played again.
    If all these improvements help it out.   Many thanks.

    dl65

    • R.I.P.


    • Prodigy

      Thanked: 18
      Re: 8 viruses found, unable to delete.  
      « Reply #34 on: June 08, 2006, 03:16:16 PM »
      DAVE9999.....  What we seem to have here is a problem understanding what each other are saying ..... I think . For example , I said ...
      Quote
      ...yes run anti virus ( av ) in safe mode
         and yet you provided a virus scan from an online source, not the avast , installed on your machine .   SAFE mode means ....... just that ....not Safe with networking ..... I did not want your machine to be connected to the internet .  the other odd thing I see, is that there are references to entries in temp folder....... C:\temp\WarezP2P_DLC.exe/stream/data0035  Infected: not-a-virus:AdWare.Win32.NewDotNet  skipped  ...... If you have configured ccleaner and run the cleaner portion as suggested ...... Cleaner would have deleted the temp  files .....   ( look at how the cleaner should be set up ....see screen shot attached )   Have a look at the way yours is configured ......do you have green check marks the same as you see in my setup ?
       Then the other odd thing ...your summary list of infected files found ( 7 or 8 I think ) ....did you tell the scanner to remove or quarantine them ?
      Then I see reference to P2P folders ....... I thought you said you removed all those ...... It's almost as if someone else as well as myself is offering you advice and you're taking a bit from one and a bit from another ....the result is very little is being achieved .
      If you would like , I could with your permission connect directly to your machine and assist you .......
      Please let me know.

      dl65  ::)
      « Last Edit: June 08, 2006, 03:25:10 PM by dl65 »
      If you don't know the answer, it isn't a dumb question.

      DAVE9999

      • Guest
      Re: 8 viruses found, unable to delete.  
      « Reply #35 on: June 08, 2006, 06:48:15 PM »
      Hello dl65, as I put in last post  "Ran Avast Anti Virus in safe mode no infections found."
      Ran it in SAFE mode.  
      As I said, it wasn't set up to record log file.  Found that out afterwards, when I looked for the log file to post to you. I had to click on the "Record a log file" sign. It was not set up to record a log. Must be their standard setting. I had no idea about that. Wrote the below down just in case beforehand. (Paranoia)
       I couldn't copy the results off the screen, it wouldn't let me.  

      some files corrupted.
      ARC Archive at C:\programfiles.\microsoftworks\1003\wizards\...\.
       
      And 3 cab archive files in D:\
       
      D:\preload\data9.01imp\bckgres.dll
      D:\preload\data9.02imp\fxst30.dll
      D:\preload\data9.05inp\imkr61chm
      WAS all it said.

      I did a Kaspersky scan to see if, after using CCleaner, the 8 viruses that I contacted you about, the "8 viruses found unable to delete", were still there. They were.  Well, seven of them.

      Ran the "Avenger" program to get rid of them.
      Clicked on remove those files and it did and backed them up in a zip file.
      Must have a back up function to the program.
      Which I suppose, if left alone will be ok.
      None are in C:\temp anymore.

      I used the remove/uninstall thru add/remove program
      to remove  
      Ares
      Kazaa Lite, as I said on 6th June.
      It didn't remove
        C:\temp\WarezP2P_DLC.exe/stream/data0035  Infected: not-a-virus:AdWare.Win32.NewDotNet.
      And the other ones.
      No idea why.

      Neither did CCleaner when I ran it. Exactly as in your diagram.
      They are not there any more.  The Kaspersky scan showed they were now in "Avenger" backup.zip.

      The reason CCleaner had not deleted the particular one you mention C:\temp\WarezP2P_DLC.exe/stream/data0035  Infected: not-a-virus:AdWare.Win32.NewDotNet.

      Like CCleaner has for instance deleted  
      C:\WINDOWS\TEMP\Perflib_Perfdata_530.dat 16.00KB
      C:\WINDOWS\TEMP\Perflib_Perfdata_538.dat 16.00KB
      C:\WINDOWS\TEMP\Perflib_Perfdata_540.dat 16.00KB
      C:\WINDOWS\TEMP\ZLT01eeb.TMP 256 bytes
      C:\DOCUME~1\DAVIDM~1\LOCALS~1\Temp\8A56EAB7.TMP 122 bytes
      C:\DOCUME~1\DAVIDM~1\LOCALS~1\Temp\jusched.log 1.61KB
      C:\DOCUME~1\DAVIDM~1\LOCALS~1\Temp\~DF53A5.tmp 16.00KB
      -------------------------------------------------------------

      Is because    C:\temp\WarezP2P_DLC.exe/stream/data0035  Infected: not-a-virus:AdWare.Win32.NewDotNet.

      Is located at C:\temp.Warez etc.  (Or rather was)   And no function on CCleaner will remove it.
      None will.
      Maybe it only deletes temp files with a capital T,  ie Temp and not temp as where mine are located.
      Perhaps all the temp files downloaded should have gone to C:\Windows\Temp and because there is a C:\temp folder possibly put there by myself, I can't remember, the files have downloaded to C:\temp instead.  Maybe an expert would know.

      I couldn't see what harm connecting to the internet would do, after doing the Avast scan in safe mode, (exactly like you said), as I would have to connect to it, to contact you, and display the results.
       I suspect the Avast Anti virus, even though up to date, wouldn't detect a barn door. That's why it is free, I suspect.    
      The Kaspersky scan did.   Of course they may have put them there, modifying some known virus, and therefore only they can currently detect it. (Paranoia, again)

      Are Antivirus program companies deliberately infecting people's computers?
      Getting them to splash out $50 bucks a year to clean up some of their doing?
      And people in the know, people who spend their time clearing up viruses on a day to day basis,  know about this, but are not telling me/general public about it.
       Maybe they get paid to pass on these viruses to the rest of the Companies in the Multi billion $ Virus infecting/detecting industry.  Especially if it's a real nice juicy new one. (another paranoid idea, or am I close on that one.)     Am I right?  Does this happen?

      Are we to assume that
      C:\temp\cs_mary.exe   .....       a Trojan-Spy.Win32.Delf.fk  

      C:\temp\setup_ares.exe  ......     "not-a-virus:AdWare.Win32.NavExcel.i"
       
      C:\temp\WarezP2P_DLC.exe   ......        not-a-virus:AdWare.Win32.NewDotNet

      which have now gone

      Are located in those corrupt files in D:\ that Avast found, as below.
      That I mentioned in my last post,  (Or they have been there!).

      D:\preload\data9.01imp\bckgres.dll
      D:\preload\data9.02imp\fxst30.dll
      D:\preload\data9.05inp\imkr61chm

      And as soon as the System restore is turned back on, they will come back.


      What concerns me is those Corrupted files at:
      ARC Archive at C:\programfiles.\microsoftworks\1003\wizards\...\.
       
      And 3 cab archive files in D:\
       
      D:\preload\data9.01imp\bckgres.dll
      D:\preload\data9.02imp\fxst30.dll
      D:\preload\data9.05inp\imkr61chm

      Is a mind meld to my computer needed to fix them?
      I am sure this time I can get it together and carry out the necessary directions on how to fix it.

      Many thanks dl65.

      dl65

      • R.I.P.


      • Prodigy

        Thanked: 18
        Re: 8 viruses found, unable to delete.  
        « Reply #36 on: June 08, 2006, 07:13:54 PM »
        DAVE9999 ......
        Quote
        I couldn't see what harm connecting to the internet would do, after doing the Avast scan in safe mode, (exactly like you said)
          There isn't any harm in that at all...... all I wanted to be sure was that you were using your own anti virus as opposed to an on-line scanner .
        Quote
        And as soon as the System restore is turned back on, they will come back.
        ....   No , that's the point of turning it off ..... the previous restore points are removed and the threat of reinfection removed as well .  Once system restore is turned back on ...... A new restore point will be created .
        Quote
        Is a mind meld to my computer needed to fix them?
         No Spock ....LOL .... it isn't , what we do is both go on msn messenger and then you invite me to remotely connect to your machine ....... once you have agreed , and we directly connect , I am able to see everything on your desktop that you see and I can control your pc from this end ....you just sit back and watch ..... I also have control of your mouse . I can go into any files , make repairs as required and then turn control back to you ........ this procedure is completely safe . once the connection is broken , there is no way that I can reconnect to your machine , without your approval.

        cheers
        dl65  ::)

        If you don't know the answer, it isn't a dumb question.

        dl65

        • R.I.P.


        • Prodigy

          Thanked: 18
          Re: 8 viruses found, unable to delete.  
          « Reply #37 on: June 08, 2006, 07:17:53 PM »
          Dave9999..... How about posting a brand new hijackthis log ......


          dl65  ::)
          If you don't know the answer, it isn't a dumb question.

          DAVE9999

          • Guest
          Re: 8 viruses found, unable to delete.  
          « Reply #38 on: June 09, 2006, 01:18:04 PM »
          Hello dl65,
           Ran CCleaner, all items in C:\temp\etc, etc still there.

          Ran Avast AV in safe mode, AND managed this time to get a record of it.

          * avast! Report

          * Task 'Simple user interface' used
          * Started on 09 June 2006 11:30:15
          * VPS: 0623-2, 08/06/2006


          C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CDilla.zip\CDILLA10.EXE [E] Archive is password protected. (42056)
          C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CDilla.zip\sbRecovery.ini [E] Archive is password protected. (42056)
          C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CDilla1.zip\CDILLA05.DLL [E] Archive is password protected. (42056)
          C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CDilla1.zip\sbRecovery.ini [E] Archive is password protected. (42056)
          C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\GoldenPalaceCasino.zip\sbRecovery.reg [E] Archive is password protected. (42056)
          C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\GoldenPalaceCasino.zip\sbRecovery.ini [E] Archive is password protected. (42056)
          C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NavExcelWebsearch.zip\sbRecovery.reg [E] Archive is password protected. (42056)
          C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NavExcelWebsearch.zip\sbRecovery.ini [E] Archive is password protected. (42056)
          C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip\zlbw.dll [E] Archive is password protected. (42056)
          C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip\sbRecovery.ini [E] Archive is password protected. (42056)
          C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip\sbRecovery.ini [E] Archive is password protected. (42056)
          C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC2.zip\sbRecovery.reg [E] Archive is password protected. (42056)
          C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC2.zip\sbRecovery.ini [E] Archive is password protected. (42056)
          C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff.zip\svcp.csv [E] Archive is password protected. (42056)
          C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff.zip\sbRecovery.ini [E] Archive is password protected. (42056)
          C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff1.zip\svcp.csv [E] Archive is password protected. (42056)
          C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff1.zip\sbRecovery.ini [E] Archive is password protected. (42056)
          C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff2.zip\svcp.csv [E] Archive is password protected. (42056)
          C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff2.zip\sbRecovery.ini [E] Archive is password protected. (42056)
          C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Tibsvq.zip\parad.raw.exe [E] Archive is password protected. (42056)
          C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Tibsvq.zip\sbRecovery.ini [E] Archive is password protected. (42056)
          C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Tibsvq1.zip\sbRecovery.reg [E] Archive is password protected. (42056)
          C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Tibsvq1.zip\sbRecovery.ini [E] Archive is password protected. (42056)
          C:\Documents and Settings\david marks\My Documents\My Videos\free-spyware-removal-2007.exe\Master.dat [E] Archive is password protected. (42056)

          Best bits on next post

          DAVE9999

          • Guest
          Re: 8 viruses found, unable to delete.  
          « Reply #39 on: June 09, 2006, 01:22:30 PM »
          Continued

          C:\Program Files\Microsoft Works\1033\Wizards\crdus54w.wwp\Object 2\Contents\ [E] ARC archive is corrupted. (42133)
          C:\spywarebegone\Database\Master.enc\Master.dat [E] Archive is password protected. (42056)
          C:\temp\winzip90.exe\SETUP.WZ\WINZIP32.EX_ [E] Archive is password protected. (42056)
          D:\PRELOAD\data9_01.inp\bckgres.dll [E] CAB archive is corrupted. (42127)
          D:\PRELOAD\data9_02.inp\fxst30.dll [E] CAB archive is corrupted. (42127)
          D:\PRELOAD\data9_05.inp\imkr61.chm [E] CAB archive is corrupted. (42127)
          Infected files: 0
          Total files: 230657
          Total folders: 4773
          Total size: 20.6 GB

          It's the ones below (taken from above) that concern me.
          C:\Program Files\Microsoft Works\1033\Wizards\crdus54w.wwp\Object 2\Contents\ [E] ARC archive is corrupted. (42133)
          D:\PRELOAD\data9_01.inp\bckgres.dll [E] CAB archive is corrupted. (42127)
          D:\PRELOAD\data9_02.inp\fxst30.dll [E] CAB archive is corrupted. (42127)
          D:\PRELOAD\data9_05.inp\imkr61.chm [E] CAB archive is corrupted. (42127)

          HJT log in 2 parts to follow.

          DAVE9999

          • Guest
          Re: 8 viruses found, unable to delete.  
          « Reply #40 on: June 09, 2006, 01:26:36 PM »
          Logfile of HijackThis v1.99.1
          Scan saved at 20:10:53, on 09/06/2006
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
          C:\Program Files\Alwil Software\Avast4\ashServ.exe
          C:\Program Files\ewido\security suite\ewidoctrl.exe
          C:\WINDOWS\system32\slserv.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\ups.exe
          C:\WINDOWS\system32\ZoneLabs\vsmon.exe
          C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
          C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
          C:\WINDOWS\Explorer.EXE
          C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
          C:\Program Files\Digital Media Reader\shwiconem.exe
          C:\WINDOWS\system32\igfxpers.exe
          C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
          C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
          C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
          C:\Program Files\Labtec Wireless Desktop\MulMouse.exe
          C:\Program Files\Labtec Wireless Desktop\OSD.EXE
          C:\Program Files\Internet Explorer\iexplore.exe
          C:\spywarebegone\SpywareBeGone.exe
          C:\Documents and Settings\david marks\My Documents\My Videos\hijackthis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
          O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
          O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
          O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
          O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
          O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
          O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
          O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
          O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
          O4 - HKCU\..\Run: [Spyware Begone] "C:\spywarebegone\SpywareBeGone.exe" -FastScan
          O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
          O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
          O4 - Global Startup: Enable Labtec Wireless Desktop.lnk = C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
          O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
          O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
          O8 - Extra context menu item: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
          O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
          O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
          O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
          O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

          dl65

            Re: 8 viruses found, unable to delete.  
            « Reply #41 on: June 09, 2006, 01:33:54 PM »
            DAVE9999 ...... Do you have ccleaner setup per the screenshot I included above .....because if you look in the system portion of the screenshot , you will see that TEMP files are marked for removal ......... So I don't know why yours isn't being removed . Have you actually gone into C:/windows/temp and looked to see if it's empty or not ....? If it isn't , go there and once in the temp file , click edit ....select all and delete ...... Oh yes and be sure that nothing else is open .....

            dl65  ::)

            dl65

              Re: 8 viruses found, unable to delete.  
              « Reply #42 on: June 09, 2006, 01:35:54 PM »
              DAVE9999 , By any chance , is there more than one user account on this machine ?

              dl65  ::)

              DAVE9999

              • Guest
              Re: 8 viruses found, unable to delete.  
              « Reply #43 on: June 09, 2006, 01:54:09 PM »
              2nd part

              O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
              O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - https://support.gateway.com/support/profiler//PCPitStop.CAB
              O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
              O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
              O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
              O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
              O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
              O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/download/scanner/wlscbase5059.cab
              O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119829022406
              O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
              O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
              O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
              O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
              O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
              O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
              O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
              O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
              O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
              O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
              O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
              O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
              O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
              O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
              O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
              O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
              O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

              Please can you let us know how best to deal with the corrupted files below, then I can leave everyone at Computer Hope.com to deal with other people's computer maladies and worries.

              The Windows XP and Microsoft Works came pre-loaded. No disk to replace anything with.
              Not even a recovery disc.

              C:\Program Files\Microsoft Works\1033\Wizards\crdus54w.wwp\Object 2\Contents\ [E] ARC archive is corrupted. (42133)
              D:\PRELOAD\data9_01.inp\bckgres.dll [E] CAB archive is corrupted. (42127)
              D:\PRELOAD\data9_02.inp\fxst30.dll [E] CAB archive is corrupted. (42127)
              D:\PRELOAD\data9_05.inp\imkr61.chm [E] CAB archive is corrupted. (42127)
               


              dl65

                Re: 8 viruses found, unable to delete.  
                « Reply #44 on: June 09, 2006, 02:06:17 PM »
                DAVE9999 ....With the exception of 2 questionable entries , your logfile looks ok .

                dl65  ::)