  • "brangogh87" started this thread

Date of registration:
Jun 18th 2010

1

Friday, June 18th 2010, 11:26am

Can not install Avira

Hi, I have recently downloaded Avira to try and solve a virus attack. I have used the Malwarebytes program as the forums have suggested but I am still apart from full access to my computer.
I continue to get this message when I attempt to install Avira:

"installation of the microsoft runtime redistiributable kit has failed

The probable cause is windows update running in parallel

please check whether windows update is in progress and run avira run avira Antivir personal - free antivirus setup again a little later.

Setup will close"

I have followed the forums as best I can, as I have noticed that others have received this message as well.

OS is XP 64-bit.

Here is my latest HJT log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:24:19 AM, on 6/18/2010
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP2 (6.00.3790.1830)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
C:\Program Files (x86)\SPDocta\pctsAuxs.exe
C:\Program Files (x86)\SPDocta\pctsSvc.exe
C:\Program Files (x86)\SPDocta\pctsTray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Documents and Settings\BT\My Documents\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\SPDocta\BDT\PCTBrowserDefender.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\SPDocta\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\Quick Time\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files (x86)\SPDocta\pctsTray.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files (x86)\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\SysWOW64\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\SysWOW64\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files (x86)\SPDocta\BDT\BDTUpdateService.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files (x86)\iWin Games\iWinTrusted.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files (x86)\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc64.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\SPDocta\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\SPDocta\pctsSvc.exe
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)
O23 - Service: Windows Search (WSearch) - Unknown owner - C:\WINDOWS\system32\SearchIndexer.exe (file missing)

--
End of file - 6489 bytes

Date of registration:
Jan 5th 2009

Operating System:
XP

2

Friday, June 18th 2010, 11:32am

You need to uninstall PC Tools Security first.
Also, I recommend updating Windows to SP3.
Thanks for choosing Avira
Alexandru Manea
Avira Operations GmbH & Co. KG

  • "brangogh87" started this thread

Date of registration:
Jun 18th 2010

3

Friday, June 18th 2010, 8:43pm

Hi, thanks for responding. I removed PC Tools from my computer and SP3 is not offered to XP 64-bit. I was trying to run Malwarebytes a few more times to clean up. A few more were removed but I think something deeper is in my computer. I'm open to just about anything right now.

This post has been edited 1 times, last edit by "brangogh87" (Jun 18th 2010, 8:44pm)


marfabilis

Moderator

Date of registration:
May 14th 2010

Version:
Avira Free Antivirus
Avira Antivirus Suite
Avira Internet Security Suite
Avira Internet Security

Operating System:
System of a Down

4

Friday, June 18th 2010, 11:12pm

Hi brangogh87,

Are you using any proxy?

Quoted

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
If not, please try to follow the instructions from here. Then try to install your Avira.

Regards,

Marco
| :: RU | EN | PT-BR | ZH-CN | ZH-TW ::

  • "brangogh87" started this thread

Date of registration:
Jun 18th 2010

5

Saturday, June 19th 2010, 9:53pm

I ran the scan as suggested in your OTL tutorial. Here is the log file as posted on pastebin.

http://pastebin.ca/1886621

Thanks

Farger

Moderator

Date of registration:
Jul 10th 2009

Version:
Avira Free Antivirus
Avira Ultimate Protection Suite
Avira Internet Security

Operating System:
Windows XP/ Windows 7

6

Saturday, June 19th 2010, 9:59pm

Hi brangogh87,

If you have done the OTL log, I assume that the entry doesn't appear again in HJT log, am I right?
Scotty is currently on patrol


  • "brangogh87" started this thread

Date of registration:
Jun 18th 2010

7

Saturday, June 19th 2010, 10:31pm

Yes, that's right.

Farger

Moderator

Date of registration:
Jul 10th 2009

Version:
Avira Free Antivirus
Avira Ultimate Protection Suite
Avira Internet Security

Operating System:
Windows XP/ Windows 7

8

Saturday, June 19th 2010, 10:42pm

Ok, how about MBAM scan report along with OTL report?
Scotty is currently on patrol


  • "brangogh87" started this thread

Date of registration:
Jun 18th 2010

9

Saturday, June 19th 2010, 10:53pm

MBAM is not detecting any more infections. As for the OTL log, it is listed above through the link. One of my problems is my internet will not allow me to search for anything related to anti virus software or it will shut down any AV installation I try.

marfabilis

Moderator

Date of registration:
May 14th 2010

Version:
Avira Free Antivirus
Avira Antivirus Suite
Avira Internet Security Suite
Avira Internet Security

Operating System:
System of a Down

10

Saturday, June 19th 2010, 10:56pm

Hi brangogh87,

I could not identify any .dll or .exe files that might show evidence of infection, but one thing is certain. These entries:

Quoted

IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171
O33 - MountPoints2\{69d5f567-0f4f-11de-8215-001d7dad4b32}\Shell\AutoRun\command - "" = E:\Launch.exe -- File not found
O33 - MountPoints2\{69d5f56b-0f4f-11de-8215-001d7dad4b32}\Shell - "" = AutoRun
O33 - MountPoints2\{69d5f56b-0f4f-11de-8215-001d7dad4b32}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{69d5f56b-0f4f-11de-8215-001d7dad4b32}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"80:TCP" = 80:TCP:*: Disabled: SYSDLL
"7171:TCP" = 7171:TCP:*: Disabled: SYSDLL

All of them are a strong indication of an infection or remnants of a malware infection.
I don't want to remove them before having a deeper analysis.

- Please run the Combofix.
- Download Combofix from any of the links below:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
- Close all open windows
- Double click on the Combofix.exe.
NOTE: If you don't want the Recovery Console to be installed in Windows, click "No" and then agree to the verification to proceed.
When the console is installed, a screen for selecting the operating system will appear on boot.
- If any errors occur, restart the computer in Safe Mode (press F8 intermittently, or F5 in some cases, during startup) and repeat the procedure
- ComboFix "could" automatically restart the PC to complete the removal process
- When finished, it will generate a log, which will be in C:\ComboFix.txt
- Don't click the ComboFix window or close it by clicking the X while it is running; don't move the mouse and do not use the keyboard, or it will stop and your desktop will go blank
- To stop or get out of ComboFix, enter "N"
- ComboFix will disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet.
- When ComboFix has finished it will automatically restore your Internet connection.
- Any additional questions can be found in this tutorial: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
| :: RU | EN | PT-BR | ZH-CN | ZH-TW ::
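
An added example (not part of the original thread, and not code from any poster or from Avira): a small Python triage script that checks log lines like the ones quoted in the post above for a browser proxy pointing at the local machine, and for a firewall exception on the same port. The function names and the combined sample are constructed for illustration; a hit is a lead for review, since a local filter or web guard can set the same values.

```python
import re

# Constructed sample: the HijackThis R1 line and the OTL lines quoted in the
# thread, combined into one string so the script runs offline.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171
"80:TCP" = 80:TCP:*: Disabled: SYSDLL
"7171:TCP" = 7171:TCP:*: Disabled: SYSDLL
"""

PROXY_RE = re.compile(r'ProxyServer"?\s*=\s*(\S+)', re.I)
ENABLE_RE = re.compile(r'ProxyEnable"?\s*=\s*(\d+)', re.I)
# GloballyOpenPorts value layout as shown in the quoted log: port:proto:scope:state:label
FW_RE = re.compile(
    r'^"(\d+):(?:TCP|UDP)"\s*=\s*\d+:(?:TCP|UDP):[^:]*:\s*(\w+):\s*(.*)$', re.I)

def loopback_proxies(log):
    """Sorted (host, port) pairs for ProxyServer values that point at this machine."""
    found = set()
    for m in PROXY_RE.finditer(log):
        for part in m.group(1).split(";"):        # "http=h:p;https=h:p" or plain "h:p"
            hostport = part.split("=", 1)[-1]     # drop an optional "http=" prefix
            host, _, port = hostport.rpartition(":")
            host = host.lower()
            if port.isdigit() and (host == "localhost" or host.startswith("127.")):
                found.add((host, int(port)))
    return sorted(found)

def firewall_ports(log):
    """Map port -> (state, label) for firewall GloballyOpenPorts-style lines."""
    ports = {}
    for line in log.splitlines():
        m = FW_RE.match(line.strip())
        if m:
            ports[int(m.group(1))] = (m.group(2), m.group(3).strip())
    return ports

def proxy_enabled(log):
    """True if any ProxyEnable value in the log is 1."""
    return any(m.group(1) == "1" for m in ENABLE_RE.finditer(log))

def triage(log):
    """(host, port, has_firewall_entry) for every loopback proxy found."""
    fw = firewall_ports(log)
    return [(h, p, p in fw) for h, p in loopback_proxies(log)]

if __name__ == "__main__":
    print("ProxyEnable set:", proxy_enabled(SAMPLE_LOG))
    for host, port, in_fw in triage(SAMPLE_LOG):
        extra = " + firewall entry for the same port" if in_fw else ""
        print(f"review: proxy -> {host}:{port}{extra}")
```
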

Farger

Moderator

Date of registration:
Jul 10th 2009

Version:
Avira Free Antivirus
Avira Ultimate Protection Suite
Avira Internet Security

Operating System:
Windows XP/ Windows 7

11

Saturday, June 19th 2010, 10:59pm

Quoted

MBAM is not detecting any more infections. As for the OTL log, it is listed above through the link. One of my problems is my internet will not allow me to search for anything related to anti virus software or it will shut down any AV installation I try.


Ok, then please follow marfabilis's instructions.

P.S. Can you visit microsoft.com, avira.com etc.?
Scotty is currently on patrol


  • "brangogh87" started this thread

Date of registration:
Jun 18th 2010

12

Saturday, June 19th 2010, 11:04pm

I can visit the websites if I type them in the navigation bar directly.

Farger

Moderator

Date of registration:
Jul 10th 2009

Version:
Avira Free Antivirus
Avira Ultimate Protection Suite
Avira Internet Security

Operating System:
Windows XP/ Windows 7

13

Saturday, June 19th 2010, 11:11pm

Good, then just follow the instructions which were posted by marfabilis in his last post and post back the ComboFix log.
Scotty is currently on patrol

This post has been edited 1 times, last edit by "Farger" (Jun 19th 2010, 11:12pm)


  • "brangogh87" started this thread

Date of registration:
Jun 18th 2010

14

Saturday, June 19th 2010, 11:13pm

As I click the ComboFix to open, the error pops up that it only operates with certain operating systems. Would it have anything to do with the 64-bit OS? Or do I need to restart and begin in safe mode with no network connections?

thanks

Farger

Moderator

Date of registration:
Jul 10th 2009

Version:
Avira Free Antivirus
Avira Ultimate Protection Suite
Avira Internet Security

Operating System:
Windows XP/ Windows 7

15

Saturday, June 19th 2010, 11:17pm

Oh, sorry, ComboFix doesn't work on 64-bit machines. I'm sure that marfabilis will suggest you another tool ;)
Scotty is currently on patrol


marfabilis

Moderator

Date of registration:
May 14th 2010

Version:
Avira Free Antivirus
Avira Antivirus Suite
Avira Internet Security Suite
Avira Internet Security

Operating System:
System of a Down

16

Saturday, June 19th 2010, 11:37pm

Well, it isn't easy :)
Ok, let's go

- Download OTS to your Desktop
- Close all other programs.
- Double-click on OTS.exe to start the program.
- Check the box that says Scan All Users
- Under Additional Scans check the following:

Reg - Shell Spawning
File - Lop Check
File - Purity Scan
Evnt - EvtViewer (last 10)

- Under the Custom Scan box paste this in

Quoted

netsvcs
%SYSTEMDRIVE%\*.exe
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
- Now click the Run Scan button on the toolbar.
- Let it run unhindered until it finishes.
- When the scan is complete notepad will open with the report file loaded in it.
- Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
- Post the log in Pastebin.ca
| :: RU | EN | PT-BR | ZH-CN | ZH-TW ::

  • "brangogh87" started this thread

Date of registration:
Jun 18th 2010

17

Saturday, June 19th 2010, 11:48pm

It never is ^^
I performed the scan as you instructed.
Here is the log:

http://pastebin.ca/1886700

thanks

marfabilis

Moderator

Date of registration:
May 14th 2010

Version:
Avira Free Antivirus
Avira Antivirus Suite
Avira Internet Security Suite
Avira Internet Security

Operating System:
System of a Down

18

Sunday, June 20th 2010, 12:31am

Except for those entries, both the OTS and OTL logs are clean, with no sign of files that may indicate an infection. It's really strange.
Well, let's remove those entries.

- Run OTL.exe
- Download, copy all content and paste the following text file into the box under Custom Scan/Fixes (no blank line above it, & no space in front of it): OTLFix.txt
- Push Run Fix
PS: OTL may ask to reboot the machine. Please do so if asked. Click OK
- A report will open. Copy and paste that report in your next post.

Generate a new OTL log just as I said earlier. Post in Pastebin.ca

I also have a suspicion about this entry "O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found"
However I'm thinking of a way to verify this in 64bit environment.

EDIT: Fixed
| :: RU | EN | PT-BR | ZH-CN | ZH-TW ::

This post has been edited 2 times, last edit by "marfabilis" (Jun 20th 2010, 12:39am)


  • "brangogh87" started this thread

Date of registration:
Jun 18th 2010

19

Sunday, June 20th 2010, 12:49am

OK, I ran the OTL and posted the log.

http://pastebin.ca/1886739

I also had 2 more documents on my desktop when I rebooted. One I pasted below the log on pastebin and the other is a Word document entitled ~$to project.doc. I'm not sure if that is normal or what, just thought I would run that by you.

marfabilis

Moderator

Date of registration:
May 14th 2010

Version:
Avira Free Antivirus
Avira Antivirus Suite
Avira Internet Security Suite
Avira Internet Security

Operating System:
System of a Down

20

Sunday, June 20th 2010, 1:15am

brangogh87,

Can you generate and post another OTL log just as I said earlier?

Thank you.
| :: RU | EN | PT-BR | ZH-CN | ZH-TW ::