Can't install Avira [Solved/Closed]

Report
Posts
7
Registration date
Wednesday February 12, 2014
Status
Member
Last seen
March 23, 2014
-
Posts
13336
Registration date
Saturday January 29, 2011
Status
Security contributor
Last seen
December 24, 2016
-
I have a problem,
Avira doesn't complete installation and my log file is this

[0ED8:0E0C][2014-02-12T19:00:15]i001: Burn v3.7.1224.0, Windows v6.1 (Build 7600: Service Pack 0), path: C:\Users\pc\Downloads\avira_oe_client_antivirus_en (3).exe, cmdline: ''
[0ED8:0E0C][2014-02-12T19:00:15]i000: Initializing string variable 'SkipSuccessPageAfterInstall' to value 'yes'
[0ED8:0E0C][2014-02-12T19:00:15]i000: Initializing string variable 'RebootImmediatly' to value 'yes'
[0ED8:0E0C][2014-02-12T19:00:15]i000: Initializing string variable 'ShowSendErrorReport' to value 'yes'
[0ED8:0E0C][2014-02-12T19:00:15]i000: Initializing string variable 'LogFileUploadUrl' to value 'https://wl-win.oes.avira.com/sendreport'
[0ED8:0E0C][2014-02-12T19:00:15]i000: Initializing string variable 'SERVER_URL' to value ''
[0ED8:0E0C][2014-02-12T19:00:15]i000: Initializing string variable 'SHORT_MSG_FORMAT' to value ''
[0ED8:0E0C][2014-02-12T19:00:15]i000: Initializing string variable 'TRACKING_TOKEN' to value ''
[0ED8:0E0C][2014-02-12T19:00:15]i000: Initializing numeric variable 'DISABLE_MIXPANEL_TRACKING' to value '0'
[0ED8:0E0C][2014-02-12T19:00:15]i000: Setting string variable 'WixBundleLog' to value 'C:\Users\pc\AppData\Local\Temp\Avira_20140212190015.log'
[0ED8:0E0C][2014-02-12T19:00:15]i000: Setting string variable 'WixBundleOriginalSource' to value 'C:\Users\pc\Downloads\avira_oe_client_antivirus_en (3).exe'
[0ED8:0E0C][2014-02-12T19:00:15]i000: Setting string variable 'WixBundleName' to value 'Avira'
[0ED8:0E0C][2014-02-12T19:00:15]i100: Detect begin, 4 packages
[0ED8:0E0C][2014-02-12T19:00:15]i000: Registry key not found. Key = 'SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Client'
[0ED8:0E0C][2014-02-12T19:00:15]i052: Condition 'NETFRAMEWORK40CLIENT' evaluates to false.
[0ED8:0E0C][2014-02-12T19:00:15]i101: Detected package: Avira.OE.Setup.Prerequisites.exe, state: Absent, cached: None
[0ED8:0E0C][2014-02-12T19:00:15]i101: Detected package: NetFx40ClientWeb, state: Absent, cached: None
[0ED8:0E0C][2014-02-12T19:00:15]i101: Detected package: Avira.OE.Setup.CustomTokenHandler.exe, state: Absent, cached: Complete
[0ED8:0E0C][2014-02-12T19:00:15]i101: Detected package: Id.Avira.OE.Setup.Msi, state: Absent, cached: Complete
[0ED8:0E0C][2014-02-12T19:00:15]i052: Condition 'NTProductType = 1 AND ( ((VersionNT = v5.1) AND (ServicePackLevel >= 3)) OR ((VersionNT64 = v5.2) AND (ServicePackLevel >= 2)) OR ((VersionNT = v6.0)) OR ((VersionNT = v6.1)) OR (VersionNT >= v6.2) )' evaluates to true.
[0ED8:0E0C][2014-02-12T19:00:15]i199: Detect complete, result: 0x0
[0ED8:0E0C][2014-02-12T19:01:24]i200: Plan begin, 4 packages, action: Install
[0ED8:0E0C][2014-02-12T19:01:24]w321: Skipping dependency registration on package with no dependency providers: Avira.OE.Setup.Prerequisites.exe
[0ED8:0E0C][2014-02-12T19:01:24]i000: Setting string variable 'WixBundleLog_Avira.OE.Setup.Prerequisites.exe' to value 'C:\Users\pc\AppData\Local\Temp\Avira_20140212190015_0_Avira.OE.Setup.Prerequisites.exe.log'
[0ED8:0E0C][2014-02-12T19:01:24]i000: Setting string variable 'WixBundleRollbackLog_Avira.OE.Setup.Prerequisites.exe' to value 'C:\Users\pc\AppData\Local\Temp\Avira_20140212190015_0_Avira.OE.Setup.Prerequisites.exe_rollback.log'
[0ED8:0E0C][2014-02-12T19:01:24]i052: Condition 'NOT NETFRAMEWORK40CLIENT' evaluates to true.
[0ED8:0E0C][2014-02-12T19:01:24]w321: Skipping dependency registration on package with no dependency providers: NetFx40ClientWeb
[0ED8:0E0C][2014-02-12T19:01:24]i000: Setting string variable 'WixBundleLog_NetFx40ClientWeb' to value 'C:\Users\pc\AppData\Local\Temp\Avira_20140212190015_1_NetFx40ClientWeb.log'
[0ED8:0E0C][2014-02-12T19:01:24]w321: Skipping dependency registration on package with no dependency providers: Avira.OE.Setup.CustomTokenHandler.exe
[0ED8:0E0C][2014-02-12T19:01:24]i000: Setting string variable 'WixBundleLog_Avira.OE.Setup.CustomTokenHandler.exe' to value 'C:\Users\pc\AppData\Local\Temp\Avira_20140212190015_2_Avira.OE.Setup.CustomTokenHandler.exe.log'
[0ED8:0E0C][2014-02-12T19:01:24]i000: Setting string variable 'WixBundleRollbackLog_Avira.OE.Setup.CustomTokenHandler.exe' to value 'C:\Users\pc\AppData\Local\Temp\Avira_20140212190015_2_Avira.OE.Setup.CustomTokenHandler.exe_rollback.log'
[0ED8:0E0C][2014-02-12T19:01:24]i000: Setting string variable 'WixBundleRollbackLog_Id.Avira.OE.Setup.Msi' to value 'C:\Users\pc\AppData\Local\Temp\Avira_20140212190015_3_Id.Avira.OE.Setup.Msi_rollback.log'
[0ED8:0E0C][2014-02-12T19:01:24]i000: Setting string variable 'WixBundleLog_Id.Avira.OE.Setup.Msi' to value 'C:\Users\pc\AppData\Local\Temp\Avira_20140212190015_3_Id.Avira.OE.Setup.Msi.log'
[0ED8:0E0C][2014-02-12T19:01:24]i201: Planned package: Avira.OE.Setup.Prerequisites.exe, state: Absent, default requested: Present, ba requested: Present, execute: Install, rollback: Uninstall, cache: Yes, uncache: No, dependency: None
[0ED8:0E0C][2014-02-12T19:01:24]i201: Planned package: NetFx40ClientWeb, state: Absent, default requested: Present, ba requested: Present, execute: Install, rollback: None, cache: Yes, uncache: No, dependency: None
[0ED8:0E0C][2014-02-12T19:01:24]i201: Planned package: Avira.OE.Setup.CustomTokenHandler.exe, state: Absent, default requested: Present, ba requested: Present, execute: Install, rollback: Uninstall, cache: No, uncache: No, dependency: None
[0ED8:0E0C][2014-02-12T19:01:24]i201: Planned package: Id.Avira.OE.Setup.Msi, state: Absent, default requested: Present, ba requested: Present, execute: Install, rollback: Uninstall, cache: No, uncache: No, dependency: Register
[0ED8:0E0C][2014-02-12T19:01:24]i299: Plan complete, result: 0x0
[0ED8:0E0C][2014-02-12T19:01:25]i300: Apply begin
[0E8C:0FBC][2014-02-12T19:01:28]w308: Automatic updates could not be paused due to error: 0x8024a000. Continuing...
[0E8C:0FBC][2014-02-12T19:01:28]i000: Caching bundle from: 'C:\Users\pc\AppData\Local\Temp\{97134356-7859-4668-a511-1db17b42de75}\.be\Avira.OE.Setup.Bundle.AntiVirus.En-us.exe' to: 'C:\ProgramData\Package Cache\{97134356-7859-4668-a511-1db17b42de75}\Avira.OE.Setup.Bundle.AntiVirus.En-us.exe'
[0E8C:0FBC][2014-02-12T19:01:28]i320: Registering bundle dependency provider: {97134356-7859-4668-a511-1db17b42de75}, version: 1.0.5142.23462
[0E8C:0ACC][2014-02-12T19:01:28]i305: Verified acquired payload: Avira.OE.Setup.Prerequisites.exe at path: C:\ProgramData\Package Cache\.unverified\Avira.OE.Setup.Prerequisites.exe, moving to: C:\ProgramData\Package Cache\73F4596C4DD9564A27DDADD050C5787497AA65CB\Avira.OE.Setup.Prerequisites.exe.
[0ED8:0E74][2014-02-12T19:01:28]w343: Prompt for source of package: NetFx40ClientWeb, payload: NetFx40ClientWeb, path: C:\Users\pc\Downloads\redist\dotNetFx40_Client_setup.exe
[0ED8:0E74][2014-02-12T19:01:28]i338: Acquiring package: NetFx40ClientWeb, payload: NetFx40ClientWeb, download from: http://go.microsoft.com/fwlink/?linkid=182804
[0E8C:0ACC][2014-02-12T19:01:37]i305: Verified acquired payload: NetFx40ClientWeb at path: C:\ProgramData\Package Cache\.unverified\NetFx40ClientWeb, moving to: C:\ProgramData\Package Cache\E15AD80FC74277EF2048312E9A71AF56B2EBA622\redist\dotNetFx40_Client_setup.exe.
[0E8C:0ACC][2014-02-12T19:01:37]i304: Verified existing payload: Avira.OE.Setup.CustomTokenHandler.exe at path: C:\ProgramData\Package Cache\803D4618A776B18A79E153BA7DAF4CDCEB2A6DB8\Avira.OE.Setup.CustomTokenHandler.exe.
[0E8C:0ACC][2014-02-12T19:01:37]i304: Verified existing payload: Id.Avira.OE.Setup.Msi at path: C:\ProgramData\Package Cache\{85C4ECF1-DE0F-44E8-B702-D0F11C6B0AAB}v1.0.5142.23462\Avira.OE.Setup.Msi.AntiVirus.msi.
[0E8C:0ACC][2014-02-12T19:01:37]i304: Verified existing payload: BundlePayload at path: C:\ProgramData\Package Cache\{85C4ECF1-DE0F-44E8-B702-D0F11C6B0AAB}v1.0.5142.23462\BundledProducts.xml.
[0E8C:0FBC][2014-02-12T19:01:37]i301: Applying execute package: Avira.OE.Setup.Prerequisites.exe, action: Install, path: C:\ProgramData\Package Cache\73F4596C4DD9564A27DDADD050C5787497AA65CB\Avira.OE.Setup.Prerequisites.exe, arguments: '"C:\ProgramData\Package Cache\73F4596C4DD9564A27DDADD050C5787497AA65CB\Avira.OE.Setup.Prerequisites.exe" /enableMsiService /checkRebootRequired'
[0ED8:0E0C][2014-02-12T19:01:37]i319: Applied execute package: Avira.OE.Setup.Prerequisites.exe, result: 0x0, restart: None
[0E8C:0FBC][2014-02-12T19:01:37]i301: Applying execute package: NetFx40ClientWeb, action: Install, path: C:\ProgramData\Package Cache\E15AD80FC74277EF2048312E9A71AF56B2EBA622\redist\dotNetFx40_Client_setup.exe, arguments: '"C:\ProgramData\Package Cache\E15AD80FC74277EF2048312E9A71AF56B2EBA622\redist\dotNetFx40_Client_setup.exe" /norestart /passive /ChainingPackage "Avira"'
[0E8C:0FBC][2014-02-12T19:02:07]e000: Error 0xc8000222: Process returned error: 0xc8000222
[0E8C:0FBC][2014-02-12T19:02:07]e000: Error 0xc8000222: Failed to execute EXE package.
[0ED8:0E0C][2014-02-12T19:02:07]e000: Error 0xc8000222: Failed to configure per-machine EXE package.
[0ED8:0E0C][2014-02-12T19:02:08]i319: Applied execute package: NetFx40ClientWeb, result: 0xc8000222, restart: None
[0ED8:0E0C][2014-02-12T19:02:08]e000: Error 0xc8000222: Failed to execute EXE package.
[0E8C:0FBC][2014-02-12T19:02:08]i351: Removing cached package: NetFx40ClientWeb, from path: C:\ProgramData\Package Cache\E15AD80FC74277EF2048312E9A71AF56B2EBA622\
[0E8C:0FBC][2014-02-12T19:02:08]i301: Applying rollback package: Avira.OE.Setup.Prerequisites.exe, action: Uninstall, path: C:\ProgramData\Package Cache\73F4596C4DD9564A27DDADD050C5787497AA65CB\Avira.OE.Setup.Prerequisites.exe, arguments: '"C:\ProgramData\Package Cache\73F4596C4DD9564A27DDADD050C5787497AA65CB\Avira.OE.Setup.Prerequisites.exe" /enableMsiService'
[0ED8:0E0C][2014-02-12T19:02:08]i319: Applied rollback package: Avira.OE.Setup.Prerequisites.exe, result: 0x0, restart: None
[0E8C:0FBC][2014-02-12T19:02:08]i351: Removing cached package: Avira.OE.Setup.Prerequisites.exe, from path: C:\ProgramData\Package Cache\73F4596C4DD9564A27DDADD050C5787497AA65CB\
[0E8C:0FBC][2014-02-12T19:02:08]i330: Removed bundle dependency provider: {97134356-7859-4668-a511-1db17b42de75}
[0E8C:0FBC][2014-02-12T19:02:08]i352: Removing cached bundle: {97134356-7859-4668-a511-1db17b42de75}, from path: C:\ProgramData\Package Cache\{97134356-7859-4668-a511-1db17b42de75}\
[0ED8:0E0C][2014-02-12T19:02:08]i399: Apply complete, result: 0xc8000222, restart: None, ba requested restart: No


can I get some help guys, thanks.

14 replies

Posts
48725
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
June 23, 2020
15,397
Hi

What is your operating system?

Which Avira antivirus product are you trying to install, there are four of them:
https://ccm.net/download/s/avira

Where have you acquired the software? If downloaded, from which site?

Did you have another antivirus software installed ? Which one? Have you deleted every trace of it?
Posts
7
Registration date
Wednesday February 12, 2014
Status
Member
Last seen
March 23, 2014

thank you for answering

I have windows 7

I downloaded Avira free antivirus from avira website

I had node before and I deleted it.
Posts
48725
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
June 23, 2020
15,397
Node is a complex software to completely delete, it may still be preventing from installing Avira.

Download and run both of the following tools and run them. Once you are done, restart your computer and try to install a fresh copy of Avira:

https://ccm.net/download/download-33-ccleaner

https://ccm.net/download/download-13339-eusing-free-registry-cleaner

I suggest you download a fresh copy of Avira from Kioskea:

https://ccm.net/download/download-36-avira-free-antivirus-2019

Good luck
Posts
7
Registration date
Wednesday February 12, 2014
Status
Member
Last seen
March 23, 2014

I thank you so much for responding I appreciate it so much, and apologize for me being late.

I used the two tools just like you said,

then I tried to download avira from Kioskia but it didn't get downloaded as a program, but as a file with a name "14.0.1.749cookie" that I didn't know how to use

I tried to re-download the file but the same happened

then, downloaded the program from Avira website , it got downloaded but again it didn't get installed .!!
Posts
48725
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
June 23, 2020
15,397
Okay, no problem, this can be fixed. I'm afraid that there may be a virus preventing downloading and installation.

Your thread will be transfered to the Virus/Security forum.

As I am short of time, an expert friend, 2011N2 (Gabriel) will take over.

Just stand by for his instructions

Good luck
Posts
13336
Registration date
Saturday January 29, 2011
Status
Security contributor
Last seen
December 24, 2016
37
Hello,

To help you and prescribe the remedy, I must make a diagnostic and to do so, I require a log.

1. Open this link and download ZHPDiag2 :

https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html

(Don't be alarmed is the site is in French, it sometimes happens, the tool will take your system language and allow the download if you get a warning message.)

2. Save the file on your Desktop.

3. Double click on ZHPDiag.exe and follow the installation instructions.

(For Vista and Win 7 users, click right to ensure you execute with admin right)

The tool creates three icons ZHPDiag, MRB, and ZHPFix (If necessary,we will use ZHPFix after log analysis).

4. Double click on the short cut ZHPDiag on your Destktop.

5. If you need to change the language, click on the little house, (bottom right) and change to English

6. Click on the "Configure" button.

7. Click on the Magnifying glass rightmost.

8. Click on "Search"

Wait for the tool to finished (maybe a long time)

9. Close ZHPDiag.

10. To transmit the report, click on this link :

https://authentification.site

9. Search the directory where you installed ZHPDiag (usually C:\desktop\zhpdiag.txt).

10. Select the file ZHPDiag.txt.

11. Click on "upload »

12. Copy the URL and post it here.

Gabriel.
Posts
7
Registration date
Wednesday February 12, 2014
Status
Member
Last seen
March 23, 2014

sorry for being so late Gabriel, and thank you very much for being so helpful.

this is the report URL

[code]http://speedy.sh/dknX4/ZHPDiag.txt/code

.
Posts
13336
Registration date
Saturday January 29, 2011
Status
Security contributor
Last seen
December 24, 2016
37
Hi,

Download the following Adwcleaner created by Xplode
https://ccm.net/download/download-24088-adwcleaner
Launch it (for Windows 7 and 8, click right to run as administrator)
Click on delete
Post the log C:\Adwcleaner[Sx].txt on this thread.

Gabriel.
Posts
7
Registration date
Wednesday February 12, 2014
Status
Member
Last seen
March 23, 2014

Hi,thanks for answering,

this is the log

# AdwCleaner v3.020 - Report created 04/03/2014 at 23:38:38
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Ultimate (64 bits)
# Username : pc - PC-PC
# Running from : C:\Users\pc\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

[!] Folder Deleted : C:\ProgramData\Babylon
[!] Folder Deleted : C:\Program Files (x86)\GreenTree Applications
[!] Folder Deleted : C:\Users\pc\AppData\Local\Babylon
[!] Folder Deleted : C:\Users\pc\AppData\Local\cool_mirage
[!] Folder Deleted : C:\Users\pc\AppData\Roaming\Babylon
[!] Folder Deleted : C:\Users\pc\AppData\Roaming\baidu
[!] Folder Deleted : C:\Users\pc\AppData\Roaming\OpenCandy
[!] Folder Deleted : C:\Users\pc\AppData\Roaming\Search Protection
File Deleted : C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\24sy8ces.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\babylon.com
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [DrvUpdater]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.16385

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\24sy8ces.default\prefs.js ]


-\\ Google Chrome v33.0.1750.146

[ File : C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2973 octets] - [04/03/2014 23:19:15]
AdwCleaner[R1].txt - [3033 octets] - [04/03/2014 23:37:41]
AdwCleaner[S0].txt - [2791 octets] - [04/03/2014 23:38:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2851 octets] ##########
Posts
13336
Registration date
Saturday January 29, 2011
Status
Security contributor
Last seen
December 24, 2016
37
Hi,

OK, run again ZHPDiag and send the report.

Gabriel.
Posts
7
Registration date
Wednesday February 12, 2014
Status
Member
Last seen
March 23, 2014

Hi Gabriel,

so late again , sorry . I had some awful exams

here's the log

http://speedy.sh/r8Pwz/ZHPDiag.txt
Posts
13336
Registration date
Saturday January 29, 2011
Status
Security contributor
Last seen
December 24, 2016
37
Hi,

No problem.


1. Close all applications

2. Select and copy all lines which are in this link : https://dl.dropboxusercontent.com/u/32869654/For%20Abed.shawkey.txt

3. ZHP Diag created a short cut on your desktop called ZHP Fix, launch ZHP Fix (For Windows 7 click right to run as admin. Answer yes if you get an enquiry as to weither you want to run it or not

4. Click on the the Import button and the lines will automatically paste themselves.

5. Click on the Go button to clean

6. Confirm by clicking OK

7. ZHP Fix will ask if you wish to empty the bin, click on your choice...it may take time

8. A report will appear on your desktop and on C:\ZHP\ZHPFix[R1].txt which you can copy and paste in your reply.

Gabriel.
Posts
7
Registration date
Wednesday February 12, 2014
Status
Member
Last seen
March 23, 2014

THANK YOU FOR CONTINUING ON

this is the report.

Rapport de ZHPFix 2014.3.19.4 par Nicolas Coolman, Update du 19/03/2014
Fichier d'export Registre :
Run by pc at 23/03/2014 07:07:26 ?
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 64-bit (Build 7600)

Recycle Bin emptied (:0mn ?s)
Prefetcher emptied

========== Process memory ==========
REMOVES Reboot: Memory Process: C:\Program Files (x86)\GrabRez\updateGrabRez.exe
REMOVES Reboot: Memory Process: C:\Program Files (x86)\GrabRez\bin\utilGrabRez.exe

========== Registry keys ==========
REMOVES: CLSID BHO: {e1420d09-acc8-4efd-9965-e7ae3c5b977c}
REMOVES: Service: Update GrabRez
REMOVES: Service: Util GrabRez
REMOVES: HKCU\Software\Baidu Security
REMOVES: HKCU\Software\Baidu
REMOVES: HKCU\Software\GrabRez
REMOVES: HKLM\Software\Wow6432Node\GrabRez
REMOVES:* HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\GrabRez
REMOVES:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
REMOVES:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
REMOVES:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494

========== Registry values ==========
REMOVES RunValue: SearchProtection
REMOVES RunValue: AESTFltr

========== Folders ==========
No folders empty CLSID Local user

========== Files ==========
REMOVES: c:\program files (x86)\grabrez\grabrezbho.dll
REMOVES Reboot: c:\program files (x86)\grabrez\updategrabrez.exe
REMOVES: c:\windows\prefetch\utilgrabrez.exe-2aad5272.pf
Deletes temporary Windows (280) (67,621,349 octets)
REMOVES Flash Cookies (0) (0 octets)

========== System restore ==========
The system successfully created restore point


========== Summary ==========
2 : Process memory
11 : Registry keys
2 : Registry values
1 : Folders
5 : Files
1 : System restore


End of clean in :3mn ?s

========== Path to file report ==========
C:\Users\pc\AppData\Roaming\ZHP\ZHPFix[R1].txt - 23/03/2014 07:07:30 ? [2033]
Posts
13336
Registration date
Saturday January 29, 2011
Status
Security contributor
Last seen
December 24, 2016
37
Hello,

OK. :)

Download, install and run Malwarebyte which you can find on this site:

https://ccm.net/download/download-105-malwarebytes es-anti-malware

Ensure you make an update.

Please request a FULL system scan, which may take from 20 minutes to hours. Do not interfere no matter how long in takes. The creators of Malwarebyte recommend that while the tool is running that you go do something else, such as watching a rerun of Gone with the Wind or read Tolstoy's War and Peace.

If Malwarebyte restarts your system, launch it again to finish the Full scan.

When the scan is completed, delete all items found.

Once your computer is clean and working normally just to be on the safe side
*Turn off system restore and wait 30 seconds,
*Turn it back on and create a new restore point.

This way it gets rid of anything bad that might have gotten saved in a restore point and you have a clean restore point to use in the near future if needed.
Do not turn it off until your computer is clean and working normally because you might need to use it if something goes wrong during the clean-up process.
It is better to go back to an infected restore point if something goes wrong then to not be able to undo changes that were damaging.

Gabriel.