Win Sys 32 files moved to chest but no virus. Why?

[r.cascio]

I am installing software on a brand new machine and I have kernel32.dll, winsock.dll, and wsock32.dll in the chest with no virus designation.  My Windows is not working correctly, therefore, I can't activate my MS Office.  I can't install or uniinstall certain software because Windows Installer isn't working correctly.  I have limited funcionality on the software currently installed.  What type of problem do I have with these files in the chest and what does it mean?

[FreewheelinFrank]

Those files are backup copies of Windows files: you should see that they're in a different section of the chest. The original files are still in place. The cause of your problem lies elsewhere.

Did the machine come with another AV installed, and have you fully removed it?

[r.cascio]

Yes!  It came with PCTools and it popped up so many msgs with infected files, and I accidentally hit remove on the first one that popped up, but when I went to see the final results, it didn't show that I had removed a file.  It had lots of files in quarantine, but I restored them all and downloaded Avast immediately and did a boot scan and found 3 files in C:\System Volume Information\restore with Win32:Trojan-gen virus and the same in the Web Accelerator software that came loaded on the machine.  I also have the Win Sys 32 files in there as well.  I was afraid to remove the PCTools or I won't have a record of what it did.  What do I do?

[FreewheelinFrank]

I'm surprised that PCTools detected so many files on a new computer.

If you have restored the files, then you can (and need to) uninstall PCTools.

The Web Accelerator detection may be a false positive. Can you restore the file, make a copy and send it to avast! in a password protected ZIP file, mentioning the password in the email? (You'll need to disable avast! after restoring the file or it will block subsequent actions.)

[r.cascio]

I would be happy to send Avast the files but I have never done what you are asking.  I have already uninstalled PCTools.  I restored everything and ran Avast and I didn't get any viruses related to what was in PCtools.  In PCTools, I had one file and it was an EXE that was created in Windows or System folder that may be the culprit. 

The path is c:\documents and settings\PCOwner\LocalSettings\Temp\NRO.TMP\wnsetsdk.exe that I allowed to restore.  I wonder if this file affects my Windows Installer because it doesn't work right.  I can't uninstall the Microsoft software or activate my microsoft products over the internet.  It appears that my only choice may be to wipe my HD and reinstall WindowsXP and then reinstall all my software.  A screen popped up and said that there was a major configuration change in my system from when I first installed the Microsoft software, therefore, I needed to activate the product again, but I can't do it because the Windows Installer isn't working correctly.  I feel that I have too many problems at one time and maybe I should just wipe the HD and start over and this time I will have only my own software on the machine.  Do you feel I still should send the files?  I will if you think it will resolve all these issues.

[FreewheelinFrank]

The Web Accelerator detection will not affect windows in the way described. The only reason for submitting the file would be to allow avast! to correct the false detection.

The system files in the chest are backup files as mentioned and won't have caused any problems.

The file in NRO.TMP was probably a Nero file. I doubt deleting a temp file would cause the problems, and you restored the file anyway, so I'm afraid I don't know what the problem could be.

Try uninstalling avast! and see if that helps.

[r.cascio]

Sorry to take so long to get back to you.  I decided to go to Microsoft and see if I could download the Windows Installer and I could.  After I downloaded it all my problems went away.  I still have 3 files of the Web Accelerator in the infected area along with A0002958.exe A0002959.exe, and A0002960.exe.  I would be happy to send those to Avast if you want me to.  I just want to make sure I do it right.  Please let me know if you still want me to do this and if so, be specific on exactly how I do this.

Rose Mary