Malwarebytes won't install - rogue service [Solved]


  • This topic is locked

#61
Machiavelli

  • GeekU Moderator
  • 4,722 posts
Hey :)

  • Run OTL (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the OTL icon and select Run as Administrator).
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
    [CREATERESTOREPOINT]
    
    :Files
    C:\Program Files (x86)\Microsoft Security Client
    
    :Commands
    [EMPTYTEMP]
    
  • Click the Run Fix button.
  • After your computer has rebooted, post the Fixlog

Try to install Essentials. Did that help?
  • 0

#62
Montery

  • Topic Starter
  • Member
  • 36 posts
Hi Machiavelli,

Looks like OTL wasn't able to remove the folder
Folder move failed. C:\Program Files (x86)\Microsoft Security Client scheduled to be moved on reboot.

I wasn't able to install MSE. Here's the full OTL log:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
Folder move failed. C:\Program Files (x86)\Microsoft Security Client scheduled to be moved on reboot.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Ralph
->Temp folder emptied: 301521724 bytes
->Temporary Internet Files folder emptied: 3428265 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 372636719 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 10637 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 25198563 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50397 bytes
RecycleBin emptied: 63502273 bytes
 
Total Files Cleaned = 731.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 03132014_075858

Files\Folders moved on Reboot...
Folder move failed. C:\Program Files (x86)\Microsoft Security Client scheduled to be moved on reboot.
C:\Users\Ralph\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\FireFly(20140312222716678).log moved successfully.
C:\Windows\temp\integratedoffice.exe_c2ruidll(20140312222716678).log moved successfully.
C:\Windows\temp\integratedoffice.exe_streamserver(20140312222716678).log moved successfully.
File move failed. C:\Windows\temp\ood_stream.x86.en-us.dat scheduled to be moved on reboot.
File move failed. C:\Windows\temp\ood_stream.x86.x-none.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

  • 0
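
Reading the fix log in the post above for what actually failed, as an added example (not part of the original thread and not OTL's own code): the hypothetical function `triage_otl_fixlog` separates moves that succeeded from moves reported as failed, and flags paths reported as failed both before the reboot and again in the post-reboot section. The line patterns are assumed from the log lines quoted in this thread only.

```python
import re

# Constructed sample: lines excerpted from the OTL fix log quoted in the post above.
SAMPLE_LOG = r"""========== FILES ==========
Folder move failed. C:\Program Files (x86)\Microsoft Security Client scheduled to be moved on reboot.
========== COMMANDS ==========
Files\Folders moved on Reboot...
Folder move failed. C:\Program Files (x86)\Microsoft Security Client scheduled to be moved on reboot.
C:\Users\Ralph\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\ood_stream.x86.en-us.dat scheduled to be moved on reboot.
"""

# Line shapes assumed from the log on this page, not from any OTL specification.
FAILED = re.compile(
    r"^(?:File|Folder) move failed\. (?P<path>.+) scheduled to be moved on reboot\.$")
MOVED = re.compile(r"^(?P<path>.+) moved successfully\.$")
REBOOT_SECTION = r"Files\Folders moved on Reboot"


def triage_otl_fixlog(text):
    """Group the paths in an OTL fix log by outcome (hypothetical helper)."""
    report = {"moved": [], "failed_before_reboot": [], "failed_after_reboot": []}
    after_reboot = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(REBOOT_SECTION):
            after_reboot = True  # everything below was processed during the reboot
            continue
        failed = FAILED.match(line)
        if failed:
            key = "failed_after_reboot" if after_reboot else "failed_before_reboot"
            report[key].append(failed.group("path"))
            continue
        moved = MOVED.match(line)
        if moved:
            report["moved"].append(moved.group("path"))
    # A path that failed in both phases was not freed by the reboot and needs
    # another approach, as happened with the folder in this thread.
    before = set(report["failed_before_reboot"])
    report["failed_twice"] = [p for p in report["failed_after_reboot"] if p in before]
    return report


if __name__ == "__main__":
    for outcome, paths in triage_otl_fixlog(SAMPLE_LOG).items():
        print(outcome, paths)
```
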

#63
Machiavelli

  • GeekU Moderator
  • 4,722 posts
Does C:\Program Files (x86)\Microsoft Security Client folder still exist?
  • 0

#64
Montery

  • Topic Starter
  • Member
  • 36 posts
Yep!
Capture.PNG
  • 0

#65
Machiavelli

  • GeekU Moderator
  • 4,722 posts
Hey :)

Go to this link here and try to do Step 5. Did that work?

If not, please do the step below:

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST64 and press the Fix button just once and wait. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST64 icon and select Run as Administrator)
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Did that solve our problem here?

  • 0

#66
Montery

  • Topic Starter
  • Member
  • 36 posts
Hiya Machiavelli!

Yes, I've done step 5 a few times, and it fails then too.

Here's the result of the FRST actions:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Ralph at 2014-03-14 13:05:29 Run:1
Running from C:\Users\Ralph\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Program Files (x86)\Microsoft Security Client

*****************

C:\Program Files (x86)\Microsoft Security Client => Moved successfully.

==== End of Fixlog ====

Did that solve our problem here?

I'm assuming you mean was I successful in moving the directory? Yes, FRST did move it (dunno where though!)

I have not tried to install MSE, yet. Would you like me to, or are there other actions to perform? :)

Thanks again for all your help!
  • 0

#67
Machiavelli

  • GeekU Moderator
  • 4,722 posts
Hey,
yes, please try to install Essentials now. If it fails again, can you make sure that C:\Program Files (x86)\Microsoft Security Client is gone?
  • 0

#68
Montery

  • Topic Starter
  • Member
  • 36 posts
Hey Machiavelli!

At long last, success!! :thumbsup:

Lesson learned: Always check event log -- you never know what good stuff is hiding there!!

Thanks for all your help. And I was serious by the way, next time I'm in Germany, I'll buy you a beer! :)
  • 0

#69
Machiavelli

  • GeekU Moderator
  • 4,722 posts
Hi,
Very good. How is your PC running? :) Any further problems?
  • 0

#70
Montery

  • Topic Starter
  • Member
  • 36 posts
Nope, no further problems.

I've left feedback on your behalf at [email protected].


Thanks again! Your help has been tremendous. I learned a lot, thank you!
  • 0

#71
Machiavelli

  • GeekU Moderator
  • 4,722 posts
Hello,
in my opinion your PC is clean.

Thanks again! Your help has been tremendous. I learned a lot, thank you!

You are most welcome, Montery. :)

We need to remove the tools we've used while cleaning your machine.

  • Download Delfix from here
  • Run the tool (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the delfix icon and select Run as Administrator)
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
  • Click Run
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply

 

Exercise common sense

Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to look before you leap. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully and look at the file extensions to make sure that you know what you're getting. Using peer-to-peer file sharing programs or downloading cracks and keygens is something else to avoid - the files you will be downloading are infected in the vast majority of cases, and the benefits simply aren't worth the risk to your computer.

Keep up on Windows updates

Along with keeping all of the security programs that you choose to use updated, it is also important to keep up on system updates from Microsoft, as these patch critical security vulnerabilities and help to keep you safe. Typically the Windows Update icon will appear in your taskbar when new updates are available; whenever you see it, you should open the menu up and install the updates that are available. Although it may be an annoyance, that little bit of extra time it takes to stay updated is very well worth it instead of getting infected from an exploit and having to clean your PC again.

Slow computer?

If your computer begins to slow down again in the future for no particular reason, your first step should not be to come back to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance speed can decrease. To restore your computer's performance to its best possible level, follow the steps in this guide written by tech expert Artellos.

Keep Safe! :thumbsup:
  • 0

#72
Montery

  • Topic Starter
  • Member
  • 36 posts
Hey,

I had removed the installers manually and removed a bunch of files myself, before running this tool. But here is the log file anyways. :)


# DelFix v10.6 - Logfile created 16/03/2014 at 09:54:21
# Updated 11/11/2013 by Xplode
# Username : Ralph - ANTEC
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\_OTL
Deleted : C:\AdwCleaner
Deleted : C:\Users\Ralph\Downloads\esetsmartinstaller_enu.exe
Deleted : C:\Users\Ralph\Downloads\Extras.Txt
Deleted : C:\Users\Ralph\Downloads\FSS.exe
Deleted : C:\Users\Ralph\Downloads\OTL.Txt
Deleted : C:\Users\Ralph\Downloads\OTL(1).exe
Deleted : C:\Users\Ralph\Downloads\OTL.exe
Deleted : C:\Users\Ralph\Downloads\rkill.exe
Deleted : C:\Users\Ralph\Downloads\rkill64.exe
Deleted : C:\Users\Ralph\Downloads\RogueKiller.exe
Deleted : C:\Users\Ralph\Downloads\ServicesRepair.exe
Deleted : C:\Users\Ralph\Downloads\tdsskiller.zip
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #12 [Windows Update | 03/11/2014 22:16:14]
Deleted : RP #13 [Installed Universal Adb Driver | 03/11/2014 22:36:00]
Deleted : RP #14 [Windows Update | 03/12/2014 10:00:11]
Deleted : RP #15 [Installed Microsoft Fix it 50380 | 03/12/2014 16:17:00]
Deleted : RP #16 [Installed Evernote v. 5.2 | 03/12/2014 18:24:41]
Deleted : RP #17 [Installed Oracle VM VirtualBox 4.3.8 | 03/13/2014 05:22:28]
Deleted : RP #18 [Device Driver Package Install: Oracle Corporation Universal Serial Bus controllers | 03/13/2014 05:26:00]
Deleted : RP #19 [OTL Restore Point - 13/03/2014 7:59:09 AM | 03/13/2014 14:59:09]
Deleted : RP #20 [Installed Microsoft Visio Premium 2010 | 03/13/2014 22:28:51]
Deleted : RP #21 [Windows Update | 03/14/2014 10:00:10]
Deleted : RP #22 [Windows Backup | 03/15/2014 11:03:57]
Deleted : RP #23 [Windows Backup | 03/16/2014 02:30:21]

New restore point created !

########## - EOF - ##########

Thanks again!! :)
  • 0

#73
Machiavelli

  • GeekU Moderator
  • 4,722 posts
You are most welcome. Keep Safe, Montery ;)
  • 0

#74
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





