I'm having some problems with AntiVir and AVG on one of the computers I'm troubleshooting in a VERY troubled office.
I can't install AVG. When I attempt to, after a certain point, it stops and gives me this error:
Local machine: installation failed
Installation:
Error: Action failed for registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run: creating registry key....
Access is denied. (5)
So, I installed AntiVir instead. However, mid-scan, the scan stops. The scan result displayed is: Scan was terminated nominally.
The following is the log from the scan:
Creation date of the report file: Thursday, September 01, 2005 14:37
AntiVir®/XP (2000 + NT) PersonalEdition Classic
Build 1047 vom 07.06.2005
Mainprogram 6.31.00.03 of 10.05.2005
VDF file 6.31.1.193 (0) of 29.08.2005
This program is for PERSONAL USE only.
Any other use is PROHIBITED.
Informations regarding commercial versions of AntiVir may be obtained from:
www.hbedv.com.
Scanning for 208414 virus strains and unwanted programs.
Licensed for: AntiVir Personal Edition
Serial number: 0000149996-WURGE-0001
Please enter the workstation and
contact name with phone number in this form:
Name ___________________________________________
Street ___________________________________________
Town ___________________________________________
Phone/Fax ___________________________________________
Email ___________________________________________
Platform: Windows NT Workstation
Windows version: 5.0 Build 2195 (Service Pack 4)
Username: staff
Processor: Pentium
Working memory: 129328 KB free
Version information:
AVWIN.DLL : 6.31.00.03 561192 07.06.2005 11:34:48
AVEWIN32.DLL : 6.31.1.0 823808 29.08.2005 17:43:18
AVGNT.EXE : 6.31.00.01 168039 07.06.2005 11:34:48
AVGUARD.EXE : 6.31.00.01 238120 07.06.2005 11:34:48
GUARDMSG.DLL : 6.30.00.02 94248 07.06.2005 11:34:48
AVGCMSG.DLL : 6.31.00.00 295029 07.06.2005 11:34:48
AVGNTDW.SYS : 6.31.00.01 32896 07.06.2005 11:34:48
AVPACK32.DLL : 6.31.00.03 323664 07.06.2005 11:34:48
AVGETVER.DLL : 6.30.00.00 24576 07.06.2005 11:34:48
AVWIN.DLL : 6.31.00.03 561192 07.06.2005 11:34:48
AVSHLEXT.DLL : 6.30.00.01 40960 07.06.2005 11:34:48
AVSched32.EXE : 6.30.00.00 110632 07.06.2005 11:34:48
AVSched32.DLL : 6.30.00.00 122880 07.06.2005 11:34:48
AVREG.DLL : 6.30.00.03 41000 07.06.2005 11:34:48
AVRep.DLL : 6.31.01.190 1310760 29.08.2005 17:43:20
INETUPD.EXE : 6.31.00.02 249915 07.06.2005 11:34:50
INETUPD.DLL : 6.31.00.02 143360 07.06.2005 11:34:48
CTL3D32.DLL : 2.31.000 27136 26.07.2000 07:00:00
MFC42.DLL : 6.00.9586.0 1015859 19.06.2003 15:05:04
MSVCRT.DLL : 6.10.9844.0 286773 19.06.2003 15:05:04
CTL3DV2.DLL : No information
Configuration file:
Name of configuration file: C:\Program Files\AVPersonal\AVWIN.INI
Name of report file: C:\Program Files\AVPersonal\LOGFILES\AVWIN.LOG
Start path: C:\Program Files\AVPersonal
Command line:
Start mode: unknown
Mode of report file:
[ ] Do not create report
[X] Overwrite report
[ ] Append new report
Data in report file:
[X] Infected files
[ ] Infected files with paths
[ ] All scanned files
[ ] Full information
Abridge report file:
[ ] Abridge report file
Warnings in report:
[X] Access denied/file locked
[X] Wrong file size in directory
[X] Wrong creation time in directory
[ ] COM file is too large
[X] Invalid start address
[X] Invalid EXE header
[X] Possibly damaged
Summary report:
[X] Create summary report
Output file: AVWIN.ACT
Maximum number of entries: 100
Where to search:
[X] Memory
[X] Boot record of selected drives
[ ] Report unknown boot sectors
[ ] All files
[X] Program files
Extensions: .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
Response in case of a detection:
[X] Repair with prompt
[ ] Repair without prompt
[ ] Delete with prompt
[ ] Delete without prompt
[ ] Write in report file only
[X] Acoustic alarm
Response in case of destroyed files:
[X] Delete with prompt
[ ] Delete without prompt
[ ] Ignore
Response in case of destroyed files:
[X] No change
[ ] Current system time
[ ] Correct date
Drag&drop settings:
[X] Scan subdirectories
Profile settings:
[X] Scan subdirectories
Archive options
[X] Search archive
[X] All archive types
Miscellaneous options:
Temporary path: %TEMP% -> C:\Program Files\AVPersonal\BUILD.DAT
[X] Overwrite infected files
[ ] Detect idle time
[X] Allow interruptions of scan
[X] Load AVWin®/NT Guard on System start
General settings:
[X] Save options on exiting AntiVir
Priority: medium
Drives:
A: Floppy drive
C: Hard disk
D: CD-ROM
Start of scan: Thursday, September 01, 2005 14:37
Memory test OK
Master boot record of hard disk HD0 OK
Boot record of drive C: OK
C:\
pagefile.sys
Access denied! Error during file opening!
This is a Windows swap file. This file is locked by Windows.
Error code: 0x000D
WARNING! Access error/file locked!
C:\WINNT\SYSTEM32\CONFIG
SECURITY
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
SAM
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
SYSTEM
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
SOFTWARE
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
DEFAULT
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery
CoolWWWSearch.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
Targetsaver.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
C:\Program Files\Microsoft SQL Server\MSSQL$METRIX\Data
master.mdf
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
model.mdf
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
tempdb.mdf
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
End of scan: Thursday, September 01, 2005 14:53
Time taken: 16:23 min
2694 directories were scanned
42195 files were scanned
9 warning messages were issued
0 files were deleted
0 files were repaired
0 detections
So, there are lots of access errors here... Any suggestions for how to proceed?