Windows 7 Forums


Windows 7: Windows 7 weird Microsoft update valid


03 Aug 2013   #1

Windows7 32bit
 
 
Windows 7 weird Microsoft update valid

I have Windows 7 32bit. I have Windows Update set to notify only. I have great AV real protection software running but something weird just happened.

I was on eBay using Firefox and suddenly the browser froze and a message appeared that a script was trying to run, click yes or no. I clicked no as I have NoScript installed along with a host of other protective browser software. Then my computer started cranking away and in Process Explorer TrustedInstaller was active. It was installing something to my hard drive.

I found out that whatever it was wrote to Licenses C:\program data; state data C:\ProgramData\Microsoft\RAC; and to RacMetaData.dat, RacWmiDatabase, RacWmiDataBookmarks.dat
2013/08/03 12:48:50 -0700 MESSAGE Starting database refresh
2013/08/03 12:48:50 -0700 MESSAGE Stopping IP protection
2013/08/03 12:48:51 -0700 MESSAGE IP Protection stopped successfully
2013/08/03 12:49:08 -0700 MESSAGE Database refreshed successfully
2013/08/03 12:49:08 -0700 MESSAGE Starting IP protection
2013/08/03 12:49:11 -0700 MESSAGE IP Protection started successfully

What was so annoying is that my desktop is on ethernet. It then went out to my router via wireless and installed software on there as well and shut down my laptop.

It pisses me off as it didn't give me a choice and UAC is set at the highest level ALWAYS notify when installing software. I assume that would key off of TrustedInstaller.

The same thing happened when Microsoft installed 9 api-ms-win-downlevel-*dll's without my permission. Even WinPatrol didn't alert.

Now with all this stuff about MS and the NSA, I am spooked what is in this database and are they collecting information? What made them look at other devices networked to my router and pushed it out to other devices as well?

I thought I activated some malicious script in my browser because this sequence occurred at the same time as the non-responsive script error message. Running Malwarebytes and Avira came up with no detections.

Any ideas or suggestions?


03 Aug 2013   #2

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

Run Farbar Recovery Scan Tool


32-bit Version OS Farbar Recovery Scan Tool <==== Download Link

Drag the FRST.exe from the Downloads folder to your Desktop

Right click on FRST.exe and choose

When the tool opens click Yes on the disclaimer window.
Press Scan button.


Please upload both logs in your reply (FRST.txt and Addition.txt).

FRST.txt and Addition.txt will be on the Desktop

Upload a File
Click on the Go Advanced button under the Message box. Scroll down to Additional Options then click on Manage Attachments in the Attach Files section. Click the Browse button, locate the file, then click on the Open button. In the Upload File from your Computer section click on the Upload button. Wait until it finishes uploading then close the window. Then click Submit Reply.
03 Aug 2013   #3
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Sounds like it might possibly be WAT (antipiracy update) took place. Did you recently add new hardware?


03 Aug 2013   #4

Windows7 32bit
 
 

Quote: Originally Posted by Jacee
Sounds like it might possibly be WAT (antipiracy update) took place. Did you recently add new hardware?
NO, no hardware or software installed

There was this scripting error in my browser which NoScript didn't pick up and then something started getting installed on my hard drive as TrustedInstaller became activated and at 11:23AM something got installed in my system32 directory. Of course, it might be easier just to do a restore. But if MS is pushing something out then it wouldn't be detected by AV software. Time to start using a sandbox.

OK here are the files. At 11:23 or thereabouts something was installed in my system32 directory. After that SearchIndexer and SearchProtocolHost ramped up big time.

THX


Attached Files
File Type: txt FRST.txt (29.9 KB, 4 views)
File Type: txt Addition.txt (250.4 KB, 2 views)
03 Aug 2013   #5

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

<==== Download Link


<==== Download Link

Click on one of the links above that goes with your Windows 7 bit versions

Save to the Desktop.

Close all windows and browsers

Right click on and choose

Press: SCAN

Provide the RKreport.txt (Mode: Scan) in your reply.
03 Aug 2013   #6

Microsoft Community Contributor Award Recipient

Windows 7 Ult. x64 Windows 8.1 x64 Ubuntu 12.04 LTS Tri-Boot
 
 

Code:
C:\ProgramData\Microsoft\RAC
Is the Reliability Monitor folder. Sounds like the data store was updated. Is your Windows 7 installation updated?
03 Aug 2013   #7

Windows7 32bit
 
 

Well, it went over to my laptop and did something over there at the same time. My Windows Update window on my laptop shows last successful update was on 7/23 yet my event log on my laptop shows Windows was successfully updated 8/03 but then it rebooted my laptop and was receiving HomeGroup Provider Service not found which it would as you have to log into my laptop.

My Windows updates are set to notify only!!

What makes me angry is the fact that I don't know if this is MS and if so why is it done in such a silent manner? Where is the explanation? What's the purpose between MS Security Updates and these silent updates? Why would TrustedInstaller then go out and search my other computers on the network? Why didn't WinPatrol pick it up or even how could it even install bypassing my UAC set to always notify if software is being installed on my computer without my interaction? What's the purpose of setting to Notify Only but not download? How could it get past my firewall set to always block incoming unless authorized by me?
03 Aug 2013   #8

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

Farbar Service Scanner

Click here Farbar Service Scanner to DOWNLOAD

Place the file onto your desktop

Right click on FSS.exe select

Place a check mark next to the following options
  • ⬜ Internet Services
  • ⬜ Windows Firewall
  • ⬜ System Restore
  • ⬜ Security Center
  • ⬜ Windows Update
  • ⬜ Windows Defender

Press the Scan button

Farbar Service Scanner will create a log, called FSS.txt, on the Desktop. Upload the FSS.txt with your reply.
03 Aug 2013   #9
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Okay, I see "SearchScopes" .... not good. Web Search Bar Search Scope Monitor -->Adware.

Download AdWareCleaner AdwCleaner Download
or from here Téléchargements - Outils de Xplode - AdwCleaner
to your desktop
1. Right-click on adwcleaner.exe and select Run As Administrator to launch the application.
2. Click on Delete button.
3. Confirm each time with OK.
4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.
Note: You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
03 Aug 2013   #10

Windows7 32bit
 
 

Ok, these are the two reports. In Rogue, I have policies set in WinPatrol to prevent changes to registry tools and is the reason for showing up there. I don't see anything suspicious.

Does anyone know if MS pushes silent updates for changes to Windows7 code outside of automatic updates?

These reports are from my desktop. My laptop is so messed up, I'm just going to reimage the system partition.

I appreciate all your help and suggestions! The fact that it was able to bypass the router firewall and the other one on my laptop, it's got to be MS.


Attached Files
File Type: txt RKreport[0]_S_08032013_191147.txt (3.0 KB, 4 views)
File Type: txt FSS.txt (2.1 KB, 4 views)
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.