Author Topic: cab archive is corrupted  (Read 38661 times)


Offline tigerdragon

  • Newbie
  • *
  • Posts: 1
cab archive is corrupted
« on: February 26, 2008, 08:19:30 PM »
When I run a virus scan I get the message: c:\windows software distribution\download .........unable to scan: CAB archive is corrupted. I tried system restore, windows repair and even reinstalled windows OS. Every time I download updates AVAST reports corrupted files. Any ideas? :-\

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67255
Re: cab archive is corrupted
« Reply #1 on: February 27, 2008, 12:02:56 AM »
Files that can't be scanned are just that, not an indication they are suspicious/infected, just unable to be scanned.
It just can't be scanned by avast. Maybe corrupted, maybe just packed in a different way that avast can't unpack.
The best things in life are free.
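
An independent way to tell a truncated cabinet from a file that is simply packed in another format, as an added example that is not part of the forum posts and not avast's own logic. It reads only the cabinet header fields (CFHEADER and the first CFFOLDER) and unpacks nothing; the sample bytes are constructed for the demonstration.

```python
import struct

# Fixed part of the cabinet CFHEADER (36 bytes, little-endian):
# signature, reserved1, cbCabinet, reserved2, coffFiles, reserved3,
# versionMinor, versionMajor, cFolders, cFiles, flags, setID, iCabinet
CFHEADER = struct.Struct("<4sIIIIIBBHHHHH")
CFFOLDER = struct.Struct("<IHH")  # coffCabStart, cCFData, typeCompress
COMPRESSION = {0: "none", 1: "MSZIP", 2: "Quantum", 3: "LZX"}
FLAG_PREV, FLAG_NEXT, FLAG_RESERVE = 0x1, 0x2, 0x4

# Constructed sample: a 120-byte buffer with a valid header and one LZX folder
# entry (no real compressed data behind it).
SAMPLE_CAB = (CFHEADER.pack(b"MSCF", 0, 120, 0, 44, 0, 3, 1, 1, 1, 0, 0x1234, 0)
              + CFFOLDER.pack(80, 1, 0x1503)).ljust(120, b"\x00")
# Constructed sample: first bytes of a compress.exe (SZDD) file such as many "*.dl_" files.
SAMPLE_SZDD = b"SZDD\x88\xf0\x27\x33" + b"A" * 20


def inspect_cab(data):
    """Classify a byte string as (status, detail) using header fields only."""
    if data[:4] in (b"SZDD", b"KWAJ"):
        return ("not-cab", "compress.exe format (%s), not a cabinet" % data[:4].decode())
    if data[:4] != b"MSCF":
        return ("not-cab", "no MSCF signature")
    if len(data) < CFHEADER.size:
        return ("corrupt", "file ends inside the cabinet header")
    (_, _, cb_cabinet, _, coff_files, _, ver_minor, ver_major,
     c_folders, c_files, flags, _, _) = CFHEADER.unpack_from(data)
    if cb_cabinet > len(data):
        return ("corrupt", "header declares %d bytes, file has %d" % (cb_cabinet, len(data)))
    if c_folders == 0 or c_files == 0 or not (CFHEADER.size <= coff_files < cb_cabinet):
        return ("corrupt", "inconsistent folder/file counts or offsets")

    pos = CFHEADER.size
    if flags & FLAG_RESERVE:  # cbCFHeader, cbCFFolder, cbCFData, then the reserve area
        if len(data) < pos + 4:
            return ("corrupt", "file ends inside the optional header fields")
        pos += 4 + struct.unpack_from("<H", data, pos)[0]
    for flag in (FLAG_PREV, FLAG_NEXT):  # each adds a cabinet name and a disk name
        for _ in range(2 if flags & flag else 0):
            pos = data.find(b"\x00", pos) + 1
            if pos == 0:
                return ("corrupt", "unterminated cabinet/disk name")
    if len(data) < pos + CFFOLDER.size:
        return ("corrupt", "file ends before the first folder entry")

    type_compress = CFFOLDER.unpack_from(data, pos)[2]
    method = COMPRESSION.get(type_compress & 0x000F)
    if method is None:
        return ("unsupported", "unknown compression type 0x%04x" % type_compress)
    return ("ok", "cabinet v%d.%d, %d file(s), %s compression"
            % (ver_major, ver_minor, c_files, method))


if __name__ == "__main__":
    for label, blob in (("intact", SAMPLE_CAB), ("truncated", SAMPLE_CAB[:90]),
                        ("szdd", SAMPLE_SZDD)):
        print(label, inspect_cab(blob))
```

A "corrupt" result here means the file is damaged or incomplete on disk; "not-cab" or "unsupported" means the file may be intact but packed in a way a given unpacker does not handle.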

Offline avvidro

  • Jr. Member
  • **
  • Posts: 75
  • I'm not a llama!
Re: cab archive is corrupted
« Reply #2 on: February 28, 2008, 03:22:39 PM »
Hey, but they should be able to be scanned. This happens to me (and everyone, btw, I suppose) when I run a boot scan. And I think I have a clue as to the reason. Igor, please look here. In my case, it usually happens with cabs and zips of driver files. Avast says many of them are corrupted, with different message codes. And I verify, and none of them is. It seems that when Avast tries to unpack them, if the DLLs, VXDs and the like actually exist, Avast doesn't manage to unpack because it would cause a replacement of them, so thereby Windows stops its operation.
Well, I may be talking an amount of bulls**t, but it deserves to be investigated.

Long live (cycle) to Avast!

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11791
    • AVAST Software
Re: cab archive is corrupted
« Reply #3 on: February 28, 2008, 04:10:03 PM »
Well, there's nothing to say without more information (such as the list of full filenames and corresponding error codes).

In any case, avast! certainly doesn't unpack archives into the system folder - that would be rather strange  ;D
So no, the content is irrelevant.

Offline MikeBCda

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2248
Re: cab archive is corrupted
« Reply #4 on: February 28, 2008, 06:20:58 PM »
Normally if you have archive-checking active, avast will unpack each archive (assuming it can) into avast's own temp folder so the contents can be scanned.

And while there are rare exceptions, normally avast will delete the temp copies from that folder once the scanning's done.
Intel Atom D2700, 2 gig RAM, Win 7 x64 SP1 & IE-11, Firefox 51.0
(default). 320 gig HD, 15Mb DSL, Win firewall, Avast 12.3.2280 free, SpywareBlaster, MBAM Prem., Crypto-Prevent

Offline spiRits3033

  • Newbie
  • *
  • Posts: 14
  • FCC: I'm just doing my job...
Re: cab archive is corrupted
« Reply #5 on: March 01, 2008, 02:38:20 AM »
I commonly get these errors when I scan inside compressed files.. I never really thought twice about it, assuming avast just couldn't unpack the files.
~spiRits3033

"Life is hard, but it's harder when you're dumb."
-Jim Mandich

Offline windward

  • Jr. Member
  • **
  • Posts: 60
Re: cab archive is corrupted
« Reply #6 on: March 09, 2008, 08:01:46 PM »
I've got the same problem when I scan: CAB archive is corrupted. The Action box doesn't give an action (all choices are grayed out.)

The files are: dxdiagn.dll, dxdiagn.dl_, dsg.sy_, dsmasf.dl_, dstrans.dl_, earl.ac_, efsadu.dl_, els.dl_, encapi.dl_, encdec.dl_, ep9res.dl_.

When I boot my computer, a black command like box comes up with different headings on each boot. The heading that came up just now is: c:\windows\system32\gbfv.exe and then a message saying that "file encountered a problem and needs to close. We are sorry for the inconvenience."  ::) )

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67255
Re: cab archive is corrupted
« Reply #7 on: March 09, 2008, 08:43:23 PM »
Strange... you seem to be infected. I suggest:

1. Disable System Restore and reenable it after step 3.
2. Clean your temporary files.
3. Schedule a boot time scanning with avast with archive scanning turned on.
4. Use SUPERantispyware and/or Spyware Terminator to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
5. Test your machine with anti-rootkit applications. I suggest Trend Micro RootkitBuster.
6. Make a HijackThis log to post here or, better, submit the RunScanner log to on-line analysis.
7. Immunize your system with SpywareBlaster or Windows Advanced Care.
8. Check if you have insecure applications with Secunia Software Inspector.
The best things in life are free.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 84749
  • No support PMs thanks
Re: cab archive is corrupted
« Reply #8 on: March 09, 2008, 08:46:51 PM »
You shouldn't take any action as it isn't reporting the file is infected, just that it couldn't be scanned.

The command window entry is because the file has been removed or is missing, probably malware as a Google search for gbfv.exe returns only one hit (suspicious if it is a legit file) and that is in relation to another suspect file that has an association with gbfv.exe. See http://spywarefiles.prevx.com/RRFJDJ9325501/AESY.EXE.html.

So somewhere in the registry there is a run command which can't find the file and that is why the command window remains open.

You could search for gbfv.exe in the registry and remove the entry, but it is probably best to use another program (HiJackThis) if you don't like tinkering in the registry.

Program & Tutorial - Also useful as a diagnostic tool - FileHippo Download - HiJackThis - HJT Information HiJackThis Tutorial.
Post the contents of the HJT log here, you may need to split it over two or more posts if it is too large.
Windows 10 Home 2004 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.2.2455 (build 21.2.6096.648) UI 1.0.608/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline windward

  • Jr. Member
  • **
  • Posts: 60
Re: cab archive is corrupted
« Reply #9 on: March 10, 2008, 12:55:45 AM »
Here is my Hijack log. Now the computer will allow me onto the Internet once and then even though I can ping sites it won't display the pages...
The scan shows nothing...
Thanks for your help!
Jim  ???


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:58:03 PM, on 3/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\Isass.exe
C:\WINDOWS\System32\jwdy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=searchfavweb&c=2c02&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/yessentials_cq/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/yessentials_cq/defaults/su/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/yessentials_cq/defaults/sb/*http://www.yahoo.com/search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\system32\Isass.exe
O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\WINDOWS\System32\jwdy.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [9836a9fd] rundll32.exe "C:\WINDOWS\System32\ypqgudaa.dll",b
O4 - HKLM\..\Run: [BM9b059a61] Rundll32.exe "C:\WINDOWS\System32\evjgsyrj.dll",s
O4 - HKLM\..\RunOnce: [Compaq_RBA] C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe -z
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1205011171833
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1205021643420
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe

--
End of file - 6538 bytes

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 84749
  • No support PMs thanks
Re: cab archive is corrupted
« Reply #10 on: March 10, 2008, 01:36:16 AM »
You need a firewall that provides outbound protection and the XP firewall doesn't cut it (zero outbound protection).

Fix:
C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe
O4 - HKLM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot

See, http://www.liutilities.com/products/wintaskspro/processlibrary/ddcman/ probable adware/spyware "This process monitors your browsing habits and distributes the data back to the author's servers for analysis."

C:\WINDOWS\system32\Isass.exe
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\system32\Isass.exe


Note the spelling 'I' not 'l' (Lsass.exe) and there is already a correct entry (C:\WINDOWS\system32\lsass.exe), see http://www.liutilities.com/products/wintaskspro/processlibrary/isass/

Suspect:
O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\WINDOWS\System32\jwdy.exe - Zero hits on google for the file name, suspicious in its own right.

O4 - HKLM\..\Run: [9836a9fd] rundll32.exe "C:\WINDOWS\System32\ypqgudaa.dll",b
O4 - HKLM\..\Run: [BM9b059a61] Rundll32.exe "C:\WINDOWS\System32\evjgsyrj.dll",s
Windows 10 Home 2004 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.2.2455 (build 21.2.6096.648) UI 1.0.608/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security
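
The two checks made by eye in the reply above (a process name that imitates lsass.exe, and Run values that start rundll32 against a DLL), written as a small triage script. This is an added example, not part of the forum post and not a HijackThis feature; the list of system names and the confusable-character table are assumptions, and the sample lines are copied from the first log posted in this thread.

```python
import ntpath
import re

# Assumed short list of Windows process names that malware tends to imitate.
KNOWN_SYSTEM = {"lsass.exe", "svchost.exe", "services.exe", "winlogon.exe",
                "smss.exe", "csrss.exe", "explorer.exe", "spoolsv.exe"}

# Fold characters that are easily confused on screen to one representative.
CONFUSABLE = str.maketrans({"I": "l", "1": "l", "|": "l", "0": "o", "O": "o"})

O4_RE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
EXE_RE = re.compile(r'"?(?P<exe>[^"]+?\.exe)\b', re.IGNORECASE)
DLL_RE = re.compile(r'(?P<dll>[A-Za-z]:\\[^",]+?\.dll)\b', re.IGNORECASE)
PROCESS_RE = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.IGNORECASE)

# Lines copied from the first HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Isass.exe
C:\WINDOWS\system32\rundll32.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\system32\Isass.exe
O4 - HKLM\..\Run: [9836a9fd] rundll32.exe "C:\WINDOWS\System32\ypqgudaa.dll",b
O4 - HKLM\..\Run: [BM9b059a61] Rundll32.exe "C:\WINDOWS\System32\evjgsyrj.dll",s
"""


def lookalike_of(path):
    """Return the system process name that `path` imitates, or None."""
    base = ntpath.basename(path.strip().strip('"'))
    if base.lower() in KNOWN_SYSTEM:
        return None  # exact name; checking its directory is a separate test
    folded = base.translate(CONFUSABLE).lower()
    return folded if folded in KNOWN_SYSTEM else None


def triage(log_text):
    """Return (rule, source, path) findings for the text of a HijackThis log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        o4 = O4_RE.match(line)
        if o4:
            source = "Run value [%s]" % o4["name"]
            exe = EXE_RE.match(o4["cmd"])
            image = exe["exe"] if exe else o4["cmd"]
            dll = DLL_RE.search(o4["cmd"])
            # Heuristic: an autostart that only exists to load a DLL deserves a look.
            if dll and ntpath.basename(image).lower() == "rundll32.exe":
                findings.append(("rundll32-autostart", source, dll["dll"]))
        elif PROCESS_RE.match(line):
            source, image = "running process", line
        else:
            continue
        if lookalike_of(image):
            findings.append(("lookalike", source, image))
    return findings


if __name__ == "__main__":
    for rule, source, path in triage(SAMPLE_LOG):
        print("%-20s %-45s %s" % (rule, source, path))
```

A hit from either rule is a prompt to examine the file, not a verdict; the legitimate lsass.exe, Explorer.EXE and rundll32.exe lines in the sample produce no findings.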

Offline windward

  • Jr. Member
  • **
  • Posts: 60
Re: cab archive is corrupted
« Reply #11 on: March 10, 2008, 02:54:16 AM »
I have to admit I am like a child with a loaded gun. I know enough to be dangerous as they say. Anyway, I tried to do everything you asked although I couldn't get online.

At least the computer rebooted after I did what I did. At least now I seem to be able to get online. I ran Ccleaner and got rid of some opening startup entries.

What do you suggest for a firewall?

Here is the new hijack this log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:34:54 PM, on 3/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=searchfavweb&c=2c02&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/yessentials_cq/defaults/sp/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/yessentials_cq/defaults/su/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/yessentials_cq/defaults/sb/*http://www.yahoo.com/search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\RunOnce: [Compaq_RBA] C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe -z
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe

--
End of file - 4809 bytes

Thanks for your time!
Jim

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4143
  • Some days..... MOS...this bug's for you
Re: cab archive is corrupted
« Reply #12 on: March 10, 2008, 07:19:04 AM »
You had signs of some nasty infections. HJT will only remove the reg keys, not the files. Your log doesn't look quite right. We can have a deeper look with this scanner if you like.

DavidR can handle your firewall solution.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt  -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 84749
  • No support PMs thanks
Re: cab archive is corrupted
« Reply #13 on: March 10, 2008, 06:08:16 PM »
As far as firewalls go, the most common ones being used by forum members are Comodo Firewall Plus, PC Tools firewall, Zone Alarm free. I don't feel ZA is as good as the other two as it restricts the strength of its outbound (anti-leak) function. This may possibly be in the hope of your purchasing the Pro version, there are then some things you need to do to get ZA Pro and avast Web Shield to work together.

There are many freeware firewalls, such as Comodo, PCTools Firewall Plus, Jetico, etc. Zone Alarm free works fine with avast and has a reasonably friendly user interface; however, the free version is becoming bloated with trial ware and is also crippled as far as outbound protection goes. In the Program Control configuration area, the slider will only go as far as Medium protection; if you want more you have to buy the Pro version.
See A Forum discussion on free firewalls http://forum.avast.com/index.php?topic=30808.0
See http://www.matousec.com/projects/windows-personal-firewall-analysis/leak-tests-results.php.
Windows 10 Home 2004 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.2.2455 (build 21.2.6096.648) UI 1.0.608/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline windward

  • Jr. Member
  • **
  • Posts: 60
Re: cab archive is corrupted
« Reply #14 on: March 10, 2008, 09:06:12 PM »
I downloaded DSS.exe but it keeps crashing. It goes through the whole process and is about to end when I get the message "dss.exe has encountered a problem and needs to close." The technical information is:
Error signature AppName dss.exe AppVer 3.2.8.1 ModName ntdll.dll
ModVer 5.1.2600.2180 Offset: 0001012b

Don't know whether this will help, but here is the txt file that was going to accompany the report sent to Microsoft about the crash: