About MSE, I can choose between two versions: amd64 or X86. Which one do I need to install?
websearches.com as startpage, slow bootup, slow pc [Solved]
#31
Posted 16 November 2014 - 08:00 AM
#32
Posted 16 November 2014 - 08:02 AM
amd64
#33
Posted 16 November 2014 - 09:19 AM
An error occurs during installation and the installation cannot be finished.
Error code: 0x80070643
#34
Posted 16 November 2014 - 09:56 AM
Interesting. Let's try the following please.
Step#1 - Uninstall AVG Completely / Then try to install MSE
1. Uninstall AVG 2015 from add/remove programs and reboot (whether you are prompted to or not)
2. Please download the uninstallers for 2014 and 2015 and save each one to your Desktop.
3. Run one at a time by right-clicking on the file and choosing Run as administrator. When asked if you wish to continue please answer Yes. If you are asked to reboot, please do.
4. Please ensure you run each one.
5. Download and attempt to install MSE.
Let me know how it goes. Do you have a preference on which Antivirus you end up running on your machine?
Thank you.
#35
Posted 16 November 2014 - 10:27 AM
I'm going to install the paid version of Bitdefender Internet Security after the system is cleaned up.
AVG uninstalled, AVG removers executed as you asked, one by one. The 2014 version did ask for a reboot and rebooted the system itself. The 2015 version just stopped after the black window disappeared; nothing happened after that, I even waited for a while, so I manually rebooted the system.
Tried again to install MSE, even after a new download: same result. I do see the desktop refreshing directly after the error window is shown.
#36
Posted 16 November 2014 - 11:59 AM
OK, let's do this. Please attach the following log file to your next post. c:\ProgramData\Microsoft\Microsoft Security Essentials\Support\msseInstall.log
Then proceed with Steps#3 (ESET Scan) & #4 (Security Check) from Post#29 previously and post logs.
Once you are done go ahead and install the paid version of Bitdefender (see if it lets you). I don't want you to run without AV.
#37
Posted 16 November 2014 - 02:23 PM
C:\ProgramData\Microsoft\Microsoft Security Client\Support\MSSecurityClient_Setup_4.6.305.0_epp_Install.log
See attached, although it has a different name and folder name.
#38
Posted 16 November 2014 - 04:32 PM
C:\FRST\Quarantine\C\Users\Gisele\AppData\Roaming\SH.exe.xBAD a variant of Win32/Toolbar.CrossRider.AX potentially unwanted application
C:\FRST\Quarantine\C\Users\Gisele\AppData\Roaming\ZOJPJJ.exe.xBAD a variant of Win32/Toolbar.CrossRider.AV potentially unwanted application
C:\FRST\Quarantine\C\Users\Gisele\Downloads\VDownloaderIC.exe.xBAD a variant of Win32/InstallCore.IO potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\YourFileDownloader\Uninstall.exe.vir a variant of Win32/ExpressDownloader.K potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\39auxstb.dll.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\39bar.dll.vir a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\39brmon.exe.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\39brstub.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\39datact.dll.vir a variant of Win32/Toolbar.MyWebSearch.A potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\39dlghk.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\39dyn.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\39feedmg.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\39highin.exe.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\39hkstub.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\39htmlmu.dll.vir a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\39httpct.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\39idle.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\39ieovr.dll.vir a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\39impipe.exe.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\39medint.exe.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\39mlbtn.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\39msg.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\39Plugin.dll.vir a variant of Win32/Toolbar.MyWebSearch potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\39radio.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\39regfft.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\39reghk.dll.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\39regiet.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\39script.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\39skin.dll.vir a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\39sknlcr.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\39skplay.exe.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\39SrchMn.exe.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\39tpinst.dll.vir a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\39uabtn.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\AppIntegrator64.exe.vir Win64/Toolbar.MyWebSearch.A potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\AppIntegratorStub64.dll.vir Win64/Toolbar.MyWebSearch.A potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\CREXT.DLL.vir a variant of Win32/Toolbar.MyWebSearch.Z potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\CrExtP39.exe.vir a variant of Win32/Toolbar.MyWebSearch.Z potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\DPNMNGR.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AI potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\EXEMANAGER.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AI potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\Hpg64.dll.vir Win64/Toolbar.MyWebSearch.A potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\T8EXTEX.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\T8EXTPEX.DLL.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\T8HTML.DLL.vir a variant of Win32/Toolbar.MyWebSearch.F potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\T8TICKER.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\VERIFY.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application
C:\Users\Gisele\AppData\Roaming\SH JS/Toolbar.Crossrider.C potentially unwanted application
C:\Users\Gisele\AppData\Roaming\ZOJPJJ JS/Toolbar.Crossrider.C potentially unwanted application
C:\Users\Gisele\Desktop\Nieuwe map\06 -\AdwCleaner\Quarantine\C\Program Files (x86)\Sk-Enhancer\uninstall.exe.vir a variant of Win32/SProtector.B potentially unwanted application
C:\Users\Gisele\Desktop\Nieuwe map\06 -\AdwCleaner\Quarantine\C\Program Files (x86)\YourFileDownloaderUpdater\Uninstall.exe.vir a variant of Win32/ExpressDownloader.K potentially unwanted application
C:\Users\Gisele\Desktop\Nieuwe map\06 -\AdwCleaner\Quarantine\C\Program Files (x86)\YourFileDownloaderUpdater\YourFileDownloaderUpdater.exe.vir a variant of Win32/YourFileDownloader.B potentially unwanted application
C:\Users\Gisele\Desktop\Nieuwe map\06 -\AdwCleaner\Quarantine\C\ProgramData\DSearchLink\DSearchLink.exe.vir Win32/Toolbar.Babylon.Y potentially unwanted application
C:\Users\Gisele\Desktop\Nieuwe map\06 -\AdwCleaner\Quarantine\C\Users\Gisele\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.2.0.zip.vir a variant of Win32/Mobogenie.A potentially unwanted application
C:\Users\Gisele\Desktop\Nieuwe map\06 -\AdwCleaner\Quarantine\C\Users\Gisele\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application
C:\Users\Gisele\Desktop\Nieuwe map\06 -\AdwCleaner\Quarantine\C\Users\Gisele\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application
C:\Users\Gisele\Desktop\Nieuwe map\06 -\AdwCleaner\Quarantine\C\Users\Gisele\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\MUServer.apk.vir a variant of Android/Mobserv.A potentially unwanted application
C:\Users\Gisele\Desktop\Nieuwe map\06 -\AdwCleaner\Quarantine\C\Users\Gisele\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application
C:\Users\Gisele\Desktop\Nieuwe map\06 -\AdwCleaner\Quarantine\C\Users\Gisele\AppData\Roaming\OpenCandy\1083E4BCBF2049669461B9656579E8C8\setup__759.exe.vir a variant of Win32/Amonetize.B potentially unwanted application
C:\Users\Gisele\Desktop\Nieuwe map\06 -\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir a variant of Win64/Systweak.A potentially unwanted application
C:\Users\Gisele\Documents\DRIVERs & SLEUTELS1\recuva [1].exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Gisele\Documents\DRIVERs & SLEUTELS1\SoftonicDownloader_voor_windows-live-mail.exe a variant of Win32/SoftonicDownloader.F potentially unwanted application
C:\Users\Gisele\Documents\DRIVERs & SLEUTELS1\FORMAT FACTORY\Format Factory Setup.exe Win32/Adware.ADON potentially unwanted application
C:\Users\Gisele\Documents\DRIVERs & SLEUTELS1\VAN PC\DRIVERs & SLEUTELS\FFSetup220.exe Win32/Adware.ADON potentially unwanted application
C:\Users\Gisele\Documents\DRIVERs & SLEUTELS1\VAN PC\FORMAT FACTORY\FORMAT FACTORY SETUP.exe Win32/Adware.ADON potentially unwanted application
C:\Users\Gisele\Documents\DRIVERs & SLEUTELS1\VAN PC2\FFSetup220.exe Win32/Adware.ADON potentially unwanted application
C:\Users\Gisele\Documents\DRIVERs & SLEUTELS1\VAN PC2\U TORRENT\installer_language_pack_torrent.exe Win32/Toggle potentially unwanted application
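Added example, not part of the original posts: a short Python triage of detection lines in the shape of the scan log above, separating findings that already sit in a cleanup tool's quarantine folder from files still in live locations. The sample is seven lines excerpted from that log; treating a `Quarantine` directory as "already held by the tool named above it" and stripping one or two trailing capital letters as the variant suffix are assumptions of this example.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Seven lines excerpted from the scan log in this thread (not the full log).
SAMPLE_LOG = r"""
C:\FRST\Quarantine\C\Users\Gisele\AppData\Roaming\SH.exe.xBAD a variant of Win32/Toolbar.CrossRider.AX potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\39bar.dll.vir a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\Qoobox\Quarantine\C\PROGRA~2\MAPSGA~2\bar\1.bin\Hpg64.dll.vir Win64/Toolbar.MyWebSearch.A potentially unwanted application
C:\Users\Gisele\AppData\Roaming\SH JS/Toolbar.Crossrider.C potentially unwanted application
C:\Users\Gisele\AppData\Roaming\ZOJPJJ JS/Toolbar.Crossrider.C potentially unwanted application
C:\Users\Gisele\Desktop\Nieuwe map\06 -\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir a variant of Win64/Systweak.A potentially unwanted application
C:\Users\Gisele\Documents\DRIVERs & SLEUTELS1\recuva [1].exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
"""

LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?:a variant of\s+)?"
    r"(?P<platform>\w+)/(?P<name>[\w.]+)\s+"
    r"potentially (?P<kind>unwanted|unsafe) application$"
)
VARIANT_RE = re.compile(r"\.[A-Z]{1,2}$")  # heuristic: trailing variant letters


def parse_line(line):
    """Split one log line into path, platform, family, category, holder."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    parts = PureWindowsPath(m["path"]).parts
    # Assumption: a "Quarantine" directory means a cleanup tool already moved
    # the file there; the directory just above it names that tool.
    holder = parts[parts.index("Quarantine") - 1] if "Quarantine" in parts else None
    return {
        "path": m["path"],
        "platform": m["platform"],
        "family": VARIANT_RE.sub("", m["name"]).lower(),
        "kind": m["kind"],
        "quarantined_by": holder,
    }


def triage(log_text):
    """Return (live findings, per-tool count of quarantined findings)."""
    live, held = [], Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # blank line or a shape this parser does not know
        if rec["quarantined_by"]:
            held[rec["quarantined_by"]] += 1
        else:
            live.append(rec)
    return live, held


if __name__ == "__main__":
    live, held = triage(SAMPLE_LOG)
    print("already quarantined:", dict(held))
    print("\n".join(f"live  {r['kind']:<9}{r['family']:<24}{r['path']}" for r in live))
```

On the sample, only the two `AppData\Roaming` entries and the bundled installer under `Documents` come back as live; the rest are copies held by FRST, Qoobox or AdwCleaner.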
#39
Posted 16 November 2014 - 04:38 PM
Results of screen317's Security Check version 0.99.89
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Adobe Reader 10.1.12 Adobe Reader out of Date!
Mozilla Thunderbird (24.6.0)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
#40
Posted 16 November 2014 - 05:04 PM
Cool, thank you. Please try the following to rectify the MSE issue. Even though we won't be using this software, it can possibly cause an unwanted conflict. You can do this before or after the Bitdefender install.
1. Open Notepad
2. Copy the lines below (don't copy the word quote at the beginning)
3. Paste the copied lines into Notepad
4. In Notepad, select File/Save As
5. In the Save As Type, select All Files.
6. In the File Name section, enter the name as mseremoval.bat and click Save to your desktop.
7. Right click on mseremoval.bat and select Run.
cd /d "%ProgramFiles%\Microsoft Security Client"
TASKKILL /f /im MsMpEng.exe
TASKKILL /f /im msseces.exe
TASKKILL /f /im MpCmdRun.exe
net stop MsMpSvc
sc delete MsMpSvc
REG DELETE "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MsMpSvc" /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware" /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Security Client" /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Microsoft Antimalware" /f
REG DELETE "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run" /v MSC /f
REG DELETE "HKEY_CLASSES_ROOT\Installer\Products\4C677A77F01DD614880F352F9DCD9D3B" /f
REG DELETE "HKEY_CLASSES_ROOT\Installer\Products\4D880477777087D409D44E533B815F2D" /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Security Client" /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{774088D4-0777-4D78-904D-E435B318F5D2}" /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" /f
REG DELETE "HKEY_CLASSES_ROOT\Installer\UpgradeCodes\1F69ACF0D1CF2B7418F292F0E05EC20B" /f
REG DELETE "HKEY_CLASSES_ROOT\Installer\UpgradeCodes\11BB99F8B7FD53D4398442FBBAEF050F" /f
REG DELETE "HKEY_CLASSES_ROOT\Installer\UpgradeCodes\26D13F39948E1D546B0106B5539504D9" /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4C677A77F01DD614880F352F9DCD9D3B" /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4D880477777087D409D44E533B815F2D" /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\11BB99F8B7FD53D4398442FBBAEF050F" /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\1F69ACF0D1CF2B7418F292F0E05EC20B" /f
takeown /f "%ProgramData%\Microsoft\Microsoft Antimalware" /a /r
takeown /f "%ProgramData%\Microsoft\Microsoft Security Client" /a /r
takeown /f "%ProgramFiles%\Microsoft Security Client" /a /r
REM Delete the MSE folders.
rmdir /s /q "%ProgramData%\Microsoft\Microsoft Antimalware"
rmdir /s /q "%ProgramData%\Microsoft\Microsoft Security Client"
rmdir /s /q "%ProgramFiles%\Microsoft Security Client"
REM Stop the WMI and its dependency services
sc stop sharedaccess
sc stop mpssvc
sc stop wscsvc
sc stop iphlpsvc
sc stop winmgmt
REM Delete the Repository folder.
rmdir /s /q "C:\Windows\System32\wbem\Repository"
sc stop
EXIT
8. Once this is complete, try to install Microsoft Security Essentials again.
Let me know if it works.
#41
Posted 16 November 2014 - 05:14 PM
The bat has run; I started the installation of MSE, but same error.
Then I rebooted and tried again to install MSE, same error.
The black screen with the mouse icon before the Windows login screen appears still comes up for a few seconds.
Edited by HaraMo, 16 November 2014 - 05:14 PM.
#42
Posted 16 November 2014 - 05:42 PM
Thanks for your patience. I'll consult with my instructor and get back to you with next steps.
#43
Posted 17 November 2014 - 09:09 AM
Let's clean up the last remnants of infections/adware and then we can focus on the MSE issue.
Are you able to remove the following folder from your desktop: "Nieuwe map"? If not, just be aware that there are undesirable programs within this folder.
Step#1 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download attached file and save it to the Desktop.
fixlist.txt (86 bytes)
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.
Step#2 - Broken Services Check
OK, we need to check for any broken services.
1. Please download Farbar Service Scanner to your desktop.
2. Make sure that ALL the options are checked.
3. Press "Scan".
4. It will create a log (FSS.txt) in the same directory the tool is run.
5. Please copy and paste the log to your reply.
Step#3 - Run Microsoft Fix-It
1. Please download, install and run the Microsoft Fix-It from here.
2. Try to install Microsoft Security Essentials again and let me know the results.
Items for your Next Post
1. FRST Fix log
2. Contents of the FSS.txt log.
#44
Posted 17 November 2014 - 12:17 PM
About the Nieuwe map: it's a new folder I made myself after starting this thread, to put every app I downloaded when you told me to; the logs are placed in there too. For every step I made a new folder and gave it a number. At this moment there are 17 folders in it; the last contains the Security Check app you told me to download and execute.
Of course I first downloaded the app to the desktop, like you told me, and after the step was finished, I put the app and logs in a new folder (for example: folder named 1-, next 2-, ...) under the folder 'Nieuwe map'.
I hope these files are not already infected?
I'm now going to execute the next steps.
#45
Posted 17 November 2014 - 12:33 PM
FRST log:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-11-2014 03
Ran by Gisele at 2014-11-17 19:21:10 Run:3
Running from C:\Users\Gisele\Desktop
Loaded Profile: Gisele (Available profiles: Gisele)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
C:\Users\Gisele\AppData\Roaming\SH
C:\Users\Gisele\AppData\Roaming\ZOJPJJ
EmptyTemp:
*****************
C:\Users\Gisele\AppData\Roaming\SH => Moved successfully.
C:\Users\Gisele\AppData\Roaming\ZOJPJJ => Moved successfully.
EmptyTemp: => Removed 43.2 MB temporary data.
The system needed a reboot.
==== End of Fixlog ====