the stub cannot run installer/updater executable avast at C:\Users\(...)

Hello,
I can’t install Avast because I get the error detailed in the Subject: "the stub cannot run installer / updater executable avast at C:\Users\ (something illegible as text goes outside error box)
I only had Comodo Firewall installed, no other AntiVirus, but it also stopped working, and from what I understand from reading the logs it seems that some nt32.exe is the reason behind this.
I didn’t attempt any kind of registry fix or similar (I wouldn’t be able to anyway, as MalwareBytes also fails installation, as detailed in the attached pic).

I’m attaching the logs from aswMBR (w/ latest virus def database; I don’t know if this was required. It found infections but I didn’t take any action, as per instructions in the topic detailed next) and FRST64, as per instructions in this topic: https://forum.avast.com/index.php?topic=53253.0

Let me know if I should post any more details.
Thx in advance

Hi, once this fix has run could you try to install Avast again? It should work this time.
Then run a fresh FRST scan so that I can ensure that I killed it all.

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
HKLM-x32\...\Run: [NT Kernel Service] => C:\NTKernel\nt32.exe -rundll32 /SYSTEM32 "C:\Windows\System32\taskmgr.exe" "C:\Program Files\Microsoft\Windows"
IFEO\avgidsagent.exe: [Debugger] C:\Users\Sanosuke\Documents\315load32.exe
IFEO\avp.exe: [Debugger] C:\Users\Sanosuke\Documents\315load32.exe
IFEO\avscan.exe: [Debugger] C:\Users\Sanosuke\Documents\315load32.exe
IFEO\bdagent.exe: [Debugger] C:\Users\Sanosuke\Documents\315load32.exe
IFEO\cavwp.exe: [Debugger] C:\Users\Sanosuke\Documents\315load32.exe
IFEO\ccuac.exe: [Debugger] C:\Users\Sanosuke\Documents\315load32.exe
IFEO\cis.exe: [Debugger] C:\Users\Sanosuke\Documents\315load32.exe
IFEO\cistray.exe: [Debugger] C:\Users\Sanosuke\Documents\315load32.exe
IFEO\ComboFix.exe: [Debugger] C:\Users\Sanosuke\Documents\315load32.exe
IFEO\dragon_updater.exe: [Debugger] C:\Users\Sanosuke\Documents\315load32.exe
IFEO\egui.exe: [Debugger] C:\Users\Sanosuke\Documents\315load32.exe
IFEO\GeekBuddyRSP.exe: [Debugger] C:\Users\Sanosuke\Documents\315load32.exe
IFEO\hijackthis.exe: [Debugger] C:\Users\Sanosuke\Documents\315load32.exe
IFEO\instup.exe: [Debugger] \315load32.exe
IFEO\keyscrambler.exe: [Debugger] C:\Users\Sanosuke\Documents\315load32.exe
IFEO\launcher_service.exe: [Debugger] C:\Users\Sanosuke\Documents\315load32.exe
IFEO\mbampt.exe: [Debugger] C:\Users\Sanosuke\Documents\315load32.exe
IFEO\mbamscheduler.exe: [Debugger] C:\Users\Sanosuke\Documents\315load32.exe
IFEO\MpCmdRun.exe: [Debugger] C:\Users\Sanosuke\Documents\315load32.exe
IFEO\MsMpEng.exe: [Debugger] C:\Users\Sanosuke\Documents\315load32.exe
IFEO\rstrui.exe: [Debugger] C:\Users\Sanosuke\Documents\315load32.exe
IFEO\spybotsd.exe: [Debugger] C:\Users\Sanosuke\Documents\315load32.exe
IFEO\wireshark.exe: [Debugger] C:\Users\Sanosuke\Documents\315load32.exe
IFEO\zlclient.exe: [Debugger] C:\Users\Sanosuke\Documents\315load32.exe
InternetURL: C:\Users\Sanosuke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.Microsoft.com.url -> 0
InternetURL: C:\Users\Tester\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.Microsoft.com.url -> C:\ProgramData\load32.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
GroupPolicyUsers\S-1-5-21-3298641409-256483956-972813613-1003\User: Group Policy Restriction detected <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-3298641409-256483956-972813613-1000] => 50.22.206.179:8080
BHO: No Name -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -> No File
2015-04-10 02:34 - 2015-04-10 02:34 - 0000000 _____ () C:\Users\Sanosuke\AppData\Local\{B197A941-E1A9-4A73-A224-9B024090CEC2}
Task: {C82690DF-C5DE-4673-B529-C4046FDF6B13} - System32\Tasks\COMODO\COMODO Welcome {CEB54B45-2B5E-4FF5-9223-6735CD80FE69} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [2013-11-20] (COMODO)
Task: {FCAA8C78-84B7-44D5-B83E-46657135950F} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: C:\Windows\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}.job => C:\ProgramData\cis91D8.exe <==== ATTENTION
C:\Program Files\COMODO
C:\ProgramData\cis91D8.exe
C:\ProgramData\hash.dat
C:\ProgramData\load32.exe
C:\ProgramData\NTKernel
C:\Users\Sanosuke\Documents\315load32.exe
C:\NTKernel
C:\Users\Sanosuke\AppData\Local\Mobogenie
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated please post that
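
The IFEO lines in the fixlist above are Image File Execution Options entries: Windows starts the program named in an image's Debugger value in place of the image itself, so pointing many security tools (instup.exe among them here) at one binary keeps them from launching. As an added example, not part of the original posts and not FRST's own code, this sketch groups FRST-format IFEO lines by debugger target and flags any target shared by several images; the function names and the threshold are assumptions.

```python
import re
from collections import defaultdict

# A few lines copied from the fixlist above, plus two non-IFEO directives.
SAMPLE = r"""
IFEO\avp.exe: [Debugger] C:\Users\Sanosuke\Documents\315load32.exe
IFEO\instup.exe: [Debugger] \315load32.exe
IFEO\MsMpEng.exe: [Debugger] C:\Users\Sanosuke\Documents\315load32.exe
IFEO\rstrui.exe: [Debugger] C:\Users\Sanosuke\Documents\315load32.exe
IFEO\wireshark.exe: [Debugger] C:\Users\Sanosuke\Documents\315load32.exe
RemoveProxy:
CMD: ipconfig /flushdns
""".strip().splitlines()

# FRST prints one IFEO entry per line: IFEO\<image>: [Debugger] <path>
IFEO_RE = re.compile(r"^IFEO\\(?P<image>[^:]+): \[Debugger\] (?P<debugger>.+)$")


def parse_ifeo(lines):
    """Map each debugger file name to the image names redirected to it."""
    by_debugger = defaultdict(list)
    for line in lines:
        m = IFEO_RE.match(line.strip())
        if not m:
            continue  # not an IFEO entry (CMD:, RemoveProxy:, paths, ...)
        # Key on the file name: the same binary is listed with and
        # without its full path in the log.
        name = m["debugger"].rsplit("\\", 1)[-1].lower()
        by_debugger[name].append(m["image"].lower())
    return dict(by_debugger)


def shared_debuggers(by_debugger, threshold=3):
    """Return debuggers attached to `threshold` or more different images.

    A developer may legitimately set a debugger for one image; one binary
    set as debugger for many unrelated images is the pattern in this log.
    The threshold of 3 is an assumption, not an FRST rule.
    """
    return {d: imgs for d, imgs in by_debugger.items()
            if len(set(imgs)) >= threshold}


if __name__ == "__main__":
    for dbg, images in shared_debuggers(parse_ifeo(SAMPLE)).items():
        print(f"{dbg} intercepts {len(images)} images: {', '.join(images)}")
```
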

Hi.
Fixlog attached.

Let me know if everything looks right.

Thx again.

Did Avast install successfully this time ?

Could I have a fresh FRST scan please

Oh, my bad, I didn’t read that I can attempt to install Avast again. I’m going to do that and also provide the new scan results.

No problem do you have a link for Avast ?

Download the correct version of Avast
Avast Free

Ok, I’m DLing the installer you provided. I was gonna use the online one (the one from CNET.com) but I prefer to use this one as it seems to be the full installer exe (150~ Mb)

btw, my internet connection is quite slow so I will be posting the results of my installation attempt in approximately ~45mins.

Thx again.

No problem, I prefer the offline installer myself … A few tips :)

Select Custom install
Remove the ticks from the first page for the following unless you want them :

https://dl.dropboxusercontent.com/u/73555776/avastchrome.JPG

Dropbox
Chrome
Chrome toolbar

Select Next
Deselect the following from the middle column as you will not need them :

https://dl.dropboxusercontent.com/u/73555776/avasttools.JPG

SecureLine
Grimefighter

Select Continue and allow the programme to install

Be aware that the first reboot may take a few minutes as Avast builds the virtual machine

Avast will need to be registered as this helps them determine the server load, as updates are downloaded in small bursts every few minutes; each is about 2Kb

How to register

Right click the Avast orange blob on the task bar
Select registration
Select Standard Protection

https://dl.dropboxusercontent.com/u/73555776/avast%20register1.JPG

Fill in your e-mail address

https://dl.dropboxusercontent.com/u/73555776/avast%20register2.JPG

Click register with e-mail address and you are done
Once registered open Avast
Go to Settings > General
Place a tick in “Scan for Potentially Unwanted Programmes (PUP’s)”
Place a tick in “Silent / Gaming mode”

https://dl.dropboxusercontent.com/u/73555776//pups.JPG

Hi essexboy

Attached log after Avast installation (which didn’t ask for system restart; should I restart and provide you with another log after reboot?)

Let me know if you want any other logs

Thx again

A few more pieces to kill … How is the computer behaving now ?

No need for a restart

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
Startup: C:\Users\Sanosuke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AI Suite II 1.02.27.lnk [2015-07-13]
InternetURL: C:\Users\Sanosuke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.Microsoft.com.url -> C:\NTKernel\nt32.exe
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM-x32 - @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Windows\SysWow64\Msdxm6.ocx [2000-04-21] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not ' & $found1 & '
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not ' & $found1 & '
2015-07-23 14:22 - 2013-02-22 06:53 - 00000000 ____D C:\Windows\System32\Tasks\COMODO
C:\Users\Sanosuke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.Microsoft.com.url
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated please post that

Hi

Latest fixlog attached

The computer seems to be working quite properly, I don’t see anything weird. The only thing is that I got an error msg about a missing file in the \users\temp folder, and I also noticed a couple of .lnk files that I can’t open (they ask for admin rights even when my user account is admin); however, I’m not sure if those .lnk are some network stuff or something…

Thx again

"that I got an error msg about a missing file in the \users\temp folder"
Does it state a file name?
"couple of .lnk files that I cant open"
Again, do you have a name for them?

Attached as “Asus Temp startup error”

Attached as “LNK files” and “LNK Properties” (I’m saying LNK because they have that arrow in the lower left corner of the icons, I understand they are links… right?)
They are all located @ C:\Users\Sanosuke

Thx again

Hmm weird, the startup error is something generated by ASUS on your system

Please download AdwCleaner by Xplode onto your desktop.

1. Close all open programs and internet browsers.
2. Double click on AdwCleaner.exe to run the tool.
3. Click on Scan.
4. After the scan is complete click on “Clean”
5. Confirm each time with Ok.
6. Your computer will be rebooted automatically. A text file will open after the restart.
7. Please post the content of that logfile with your next answer.
8. You can find the logfile at C:\AdwCleaner[S0].txt as well.

THEN

Could you run yet another FRST scan for me please

Hi

I’m attaching both logs; the error msg still pops up.
The AdwCleaner log is in Spanish, it autodetected my lang config (if you need it in English, please let me know)

Thx again

OK this should clear the error message, it was in the drivers and not the start up :)

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
S3 ALSysIO; \??\C:\Users\Sanosuke\AppData\Local\Temp\ALSysIO64.sys [X]
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated please post that

Hi essex,

New log attached, error pop up still appears after reboot…

Thx again for your time.

OK time to go hunting :)

In the search box type Msconfig and select the programme that appears at the top

1. In the System Configuration Utility dialog box, click Selective Startup on the General tab.

https://dl.dropboxusercontent.com/u/73555776/Cleanboot1.JPG

2. Click to clear the Load Startup Items check box.
Note: The Use Original Boot.ini check box is unavailable.
3. Click the Services tab.
4. Click to select the Hide All Microsoft Services check box.

https://dl.dropboxusercontent.com/u/73555776/cleanboot2.JPG

5. Click Disable All, and then click OK.
6. When you are prompted, click Restart.
7. Does the alert appear on reboot?