[HaraMo]

About MSE, I can choose between two versions:: amd64 or X86. Wich one I need to install?

[Advertisements]

amd64

[BrianDrab]

amd64

[HaraMo]

During installation error and the installation cannot be finished.

 

errorcode: 0x80070643

[BrianDrab]

Interesting. Let's try the following please.

 

Step#1 - Uninstall AVG Completely / Then try to install MSE
1. Uninstall AVG 2015 from add/remove programs and reboot (whether you are prompted to or not)

2. Please download the uninstallers for 2014 and 2015 save each one to your Desktop.
3. Run one at a time by right-clicking on the file and choosing Run as administrator. When asked if you wish to continue please answer Yes. If you are asked to reboot, please do.
4. Please ensure you run each one.

5. Download and attempt to install MSE.

 

Let me know how it goes. Do you have a preference on which Antivirus you end up running on your machine?

 

Thank you.

 

 

 

 

[HaraMo]

I'm going to install the paid version of bitdefender internet security after system is cleaned up.

 

avg uninstalled, avg removers executed as you asked, one by one. The 2014 version did ask for rebooting and rebooted the system itself, the 2015 version, just stopped after the black windows disappears, nothing happens after , I even waited for a while, nothing happened, so I manually rebooted the sytem.

 

tried again to install MSE, even after a new download: same result, I do see the desktop freshing up direclty after the error windows is showed.

[BrianDrab]

OK, let's do this. Please attach the following log file to your next post. c:\ProgramData\Microsoft\Microsoft Security Essentials\Support\msseInstall.log

 

Then proceed with Steps#3 (ESET Scan) & #4 (Security Check) from Post#29 previously and post logs.

 

Once you are done go ahead and install the paid version of Bitdefender (see if it lets you). I don't want you to run without AV.

[HaraMo]

C:\ProgramData\Microsoft\Microsoft Security Client\Support\MSSecurityClient_Setup_4.6.305.0_epp_Install.log

 

see attached, although different name and namefolder.

[HaraMo]

C:\FRST\Quarantine\C\Users\Gisele\AppData\Roaming\SH.exe.xBAD a variant of Win32/Toolbar.CrossRider.AX potentially unwanted application
C:\FRST\Quarantine\C\Users\Gisele\AppData\Roaming\ZOJPJJ.exe.xBAD a variant of Win32/Toolbar.CrossRider.AV potentially unwanted application
C:\FRST\Quarantine\C\Users\Gisele\Downloads\VDownloaderIC.exe.xBAD a variant of Win32/InstallCore.IO potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\YourFileDownloader\Uninstall.exe.vir a variant of Win32/ExpressDownloader.K potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\39auxstb.dll.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\39bar.dll.vir a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\39brmon.exe.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\39brstub.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\39datact.dll.vir a variant of Win32/Toolbar.MyWebSearch.A potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\39dlghk.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\39dyn.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\39feedmg.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\39highin.exe.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\39hkstub.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\39htmlmu.dll.vir a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\39httpct.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\39idle.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\39ieovr.dll.vir a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\39impipe.exe.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\39medint.exe.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\39mlbtn.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\39msg.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\39Plugin.dll.vir a variant of Win32/Toolbar.MyWebSearch potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\39radio.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\39regfft.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\39reghk.dll.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\39regiet.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\39script.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\39skin.dll.vir a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\39sknlcr.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\39skplay.exe.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\39SrchMn.exe.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\39tpinst.dll.vir a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\39uabtn.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\AppIntegrator64.exe.vir Win64/Toolbar.MyWebSearch.A potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\AppIntegratorStub64.dll.vir Win64/Toolbar.MyWebSearch.A potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\CREXT.DLL.vir a variant of Win32/Toolbar.MyWebSearch.Z potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\CrExtP39.exe.vir a variant of Win32/Toolbar.MyWebSearch.Z potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\DPNMNGR.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AI potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\EXEMANAGER.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AI potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\Hpg64.dll.vir Win64/Toolbar.MyWebSearch.A potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\T8EXTEX.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\T8EXTPEX.DLL.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\T8HTML.DLL.vir a variant of Win32/Toolbar.MyWebSearch.F potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\T8TICKER.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\VERIFY.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application
C:\Users\Gisele\AppData\Roaming\SH JS/Toolbar.Crossrider.C potentially unwanted application
C:\Users\Gisele\AppData\Roaming\ZOJPJJ JS/Toolbar.Crossrider.C potentially unwanted application
C:\Users\Gisele\Desktop\Nieuwe map\06 -\AdwCleaner\Quarantine\C\Program Files (x86)\Sk-Enhancer\uninstall.exe.vir a variant of Win32/SProtector.B potentially unwanted application
C:\Users\Gisele\Desktop\Nieuwe map\06 -\AdwCleaner\Quarantine\C\Program Files (x86)\YourFileDownloaderUpdater\Uninstall.exe.vir a variant of Win32/ExpressDownloader.K potentially unwanted application
C:\Users\Gisele\Desktop\Nieuwe map\06 -\AdwCleaner\Quarantine\C\Program Files (x86)\YourFileDownloaderUpdater\YourFileDownloaderUpdater.exe.vir a variant of Win32/YourFileDownloader.B potentially unwanted application
C:\Users\Gisele\Desktop\Nieuwe map\06 -\AdwCleaner\Quarantine\C\ProgramData\DSearchLink\DSearchLink.exe.vir Win32/Toolbar.Babylon.Y potentially unwanted application
C:\Users\Gisele\Desktop\Nieuwe map\06 -\AdwCleaner\Quarantine\C\Users\Gisele\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.2.0.zip.vir a variant of Win32/Mobogenie.A potentially unwanted application
C:\Users\Gisele\Desktop\Nieuwe map\06 -\AdwCleaner\Quarantine\C\Users\Gisele\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application
C:\Users\Gisele\Desktop\Nieuwe map\06 -\AdwCleaner\Quarantine\C\Users\Gisele\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application
C:\Users\Gisele\Desktop\Nieuwe map\06 -\AdwCleaner\Quarantine\C\Users\Gisele\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\MUServer.apk.vir a variant of Android/Mobserv.A potentially unwanted application
C:\Users\Gisele\Desktop\Nieuwe map\06 -\AdwCleaner\Quarantine\C\Users\Gisele\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application
C:\Users\Gisele\Desktop\Nieuwe map\06 -\AdwCleaner\Quarantine\C\Users\Gisele\AppData\Roaming\OpenCandy\1083E4BCBF2049669461B9656579E8C8\setup__759.exe.vir a variant of Win32/Amonetize.B potentially unwanted application
C:\Users\Gisele\Desktop\Nieuwe map\06 -\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir a variant of Win64/Systweak.A potentially unwanted application
C:\Users\Gisele\Documents\DRIVERs & SLEUTELS1\recuva [1].exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Gisele\Documents\DRIVERs & SLEUTELS1\SoftonicDownloader_voor_windows-live-mail.exe a variant of Win32/SoftonicDownloader.F potentially unwanted application
C:\Users\Gisele\Documents\DRIVERs & SLEUTELS1\FORMAT FACTORY\Format Factory Setup.exe Win32/Adware.ADON potentially unwanted application
C:\Users\Gisele\Documents\DRIVERs & SLEUTELS1\VAN PC\DRIVERs & SLEUTELS\FFSetup220.exe Win32/Adware.ADON potentially unwanted application
C:\Users\Gisele\Documents\DRIVERs & SLEUTELS1\VAN PC\FORMAT FACTORY\FORMAT FACTORY SETUP.exe Win32/Adware.ADON potentially unwanted application
C:\Users\Gisele\Documents\DRIVERs & SLEUTELS1\VAN PC2\FFSetup220.exe Win32/Adware.ADON potentially unwanted application
C:\Users\Gisele\Documents\DRIVERs & SLEUTELS1\VAN PC2\U TORRENT\installer_language_pack_torrent.exe Win32/Toggle potentially unwanted application
 

[HaraMo]

 Results of screen317's Security Check version 0.99.89 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Reader 10.1.12 Adobe Reader out of Date! 
 Mozilla Thunderbird (24.6.0)
````````Process Check: objlist.exe by Laurent```````` 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
 

[BrianDrab]

Cool, thank you. Please try the following to rectify the MSE issue. Even though we won't be using this software, it can possibly cause an unwanted conflict. You can do this before or after the bitdefender install.

 

 

1. Open Notepad

2. Copy the lines below (don't copy the word quote at the beginning)

3. Paste the copied lines into Notepad

4. In Notepad, select File/Save As

5 In the Save As Type, select All Files.

6. In the File Name section, enter the name as mseremoval.bat and click Save to your desktop.

7. Right click on mseremoval.bat and select Run.

cd /d "%ProgramFiles%\Microsoft Security Client"

TASKKILL /f /im MsMpEng.exe

TASKKILL /f /im msseces.exe

TASKKILL /f /im MpCmdRun.exe

net stop MsMpSvc

sc delete MsMpSvc

REG DELETE "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MsMpSvc" /f

REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware" /f

REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Security Client" /f

REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Microsoft Antimalware" /f

REG DELETE "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Current Version\Run\MSC" /f

REG DELETE "HKEY_CLASSES_ROOT\Installer\Products\4C677A77F01DD614880F352F9DCD9D3B" /f

REG DELETE "HKEY_CLASSES_ROOT\Installer\Products\4D880477777087D409D44E533B815F2D" /f

REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Security Client" /f

REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{774088D4-0777-4D78-904D-E435B318F5D2}" /f

REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" /f

REG DELETE "HKEY_CLASSES_ROOT\Installer\UpgradeCodes\1F69ACF0D1CF2B7418F292F0E05EC20B" /f

REG DELETE "HKEY_CLASSES_ROOT\Installer\UpgradeCodes\11BB99F8B7FD53D4398442FBBAEF050F" /f

REG DELETE "HKEY_CLASSES_ROOT\Installer\UpgradeCodes\26D13F39948E1D546B0106B5539504D9" /f

REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4C677A77F01DD614880F352F9DCD9D3B" /f

REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4D880477777087D409D44E533B815F2D" /f

REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\11BB99F8B7FD53D4398442FBBAEF050F" /f

REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\1F69ACF0D1CF2B7418F292F0E05EC20B" /f

takeown /f "%ProgramData%\Microsoft\Microsoft Antimalware" /a /r

takeown /f "%ProgramData%\Microsoft\Microsoft Security Client" /a /r

takeown /f "%ProgramFiles%\Microsoft Security Client" /a /r

REM Delete the MSE folders.

rmdir /s /q "%ProgramData%\Microsoft\Microsoft Antimalware"

rmdir /s /q "%ProgramData%\Microsoft\Microsoft Security Client"

rmdir /s /q "%ProgramFiles%\Microsoft Security Client"

REM Stop the WMI and its dependency services

sc stop sharedaccess

sc stop mpssvc

sc stop wscsvc

sc stop iphlpsvc

sc stop winmgmt

REM Delete the Repository folder.

rmdir /s /q "C:\Windows\System32\wbem\Repository"

sc stop

EXIT

 

8. Once this is complete, try to install Microsoft Security Essentials again.

 

Let me know if it works.

[HaraMo]

the bat has runned, started the installation of MSE, but same error. 

 

Then I rebooted and tried again to install MSE, same error.

 

Black screen with icon mouse before login windows  screen appear still comes up for a few seconds.

Edited by HaraMo, 16 November 2014 - 05:14 PM.

[BrianDrab]

Thanks for your patience. I'll consult with my instructor and get back to you with next steps.

[BrianDrab]

Let's clean up the last remnants of infections/adware and then we can focus on the MSE issue.
 
Are you able to remove the following folder from your desktop? Nieuwe map If not, just be aware that there are undesirable programs within this folder.
 
Step#1 - FRST Fix
 
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download attached file and save it to the Desktop.  fixlist.txt   86bytes   186 downloads
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.
 
 
Step#2 - Broken Services Check
OK, we need to check for any broken services.
 
1. Please download Farbar Service Scanner to your desktop.
2. Make sure that ALL the options are checked:
3. Press "Scan".
4. It will create a log (FSS.txt) in the same directory the tool is run.
5. Please copy and paste the log to your reply.

 

Step#3 - Run Microsoft Fix-It
1. Please download, install and run the Microsoft Fix-It from here.

2. Try to install Microsoft Security Essentials again and let me know the results.

 

 

 

Items for your Next Post

1. FRST Fix log
2. Contents of the FSS.txt log.

[HaraMo]

About the nieuwe map, it's a new folder I made myself after starting this thread, to put every app I downloaded when you told me to do, also the logs are placed in there, but for every step I made a new folder and give it a number, at this moment there are 17 folders in it, last contains the security check app you told me to download and execute.

ofcourse I first downloaded the app on dekstop, like you told me, and after the step is finished, I put the app and logs in a new folder ( for example: folder named 1- , next 2-,.. ) under folder 'nieuwe map'.

 

I hope these files are not already infected?

 

I'm now going to execute the next steps.

[HaraMo]

FRST log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-11-2014 03
Ran by Gisele at 2014-11-17 19:21:10 Run:3
Running from C:\Users\Gisele\Desktop
Loaded Profile: Gisele (Available profiles: Gisele)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Gisele\AppData\Roaming\SH
C:\Users\Gisele\AppData\Roaming\ZOJPJJ
EmptyTemp:
*****************

C:\Users\Gisele\AppData\Roaming\SH => Moved successfully.
C:\Users\Gisele\AppData\Roaming\ZOJPJJ => Moved successfully.
EmptyTemp: => Removed 43.2 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====