Windows 7 Forums

Windows 7: Windows 7 weird Microsoft update valid

03 Aug 2013   #1

Windows7 32bit

I have Windows 7 32bit. I have Windows Update set to notify only. I have great AV real protection software running but something weird just happened.

I was on eBay using Firefox and suddenly the browser froze and a message appeared that a script was trying to run, click yes or no. I clicked no as I have NoScript installed along with a host of other protective browser software. Then my computer started cranking away and in Process Explorer Trusted Installer was active. It was installing something to my hard drive.

I found out that whatever it was wrote to Licenses C:\program data; state data C:\ProgramData\Microsoft\RAC; and to RacMetaData.dat. RacWmiDatabase, RacWmiDataBookmarks.dat
2013/08/03 12:48:50 -0700 MESSAGE Starting database refresh
2013/08/03 12:48:50 -0700 MESSAGE Stopping IP protection
2013/08/03 12:48:51 -0700 MESSAGE IP Protection stopped successfully
2013/08/03 12:49:08 -0700 MESSAGE Database refreshed successfully
2013/08/03 12:49:08 -0700 MESSAGE Starting IP protection
2013/08/03 12:49:11 -0700 MESSAGE IP Protection started successfully

What was so annoying is that my desktop is on ethernet. It then went out to my router via wireless and installed software on there as well and shutdown my laptop.

It pisses me off as it didn't give me a choice and UAC is set at the highest level, ALWAYS notify when installing software. I assume that would key off of TrustedInstaller.

The same thing happened when Microsoft installed 9 api-ms-win-downlevel-*dll's without my permission. Even WinPatrol didn't alert.

Now with all this stuff about MS and the NSA, I am spooked what is in this database and are they collecting information? What made them look at other devices networked to my router and push it out to other devices as well?

I thought I activated some malicious script in my browser because this sequence occurred at the same time as the non-responsive script error message. Running Malwarebytes and Avira came up with no detections.

Any ideas or suggestions?

03 Aug 2013   #2

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit

Run Farbar Recovery Scan Tool

32-bit Version OS Farbar Recovery Scan Tool <==== Download Link

Drag the FRST.exe from the Downloads folder to your Desktop

Right click on FRST.exe and choose

When the tool opens click Yes on the disclaimer window.
Press Scan button.

Please upload both logs in your reply (FRST.txt and Addition.txt).

FRST.txt and Addition.txt will be on the Desktop

Upload a File
Click on the Go Advanced button under the Message box. Scroll down to Additional Options then click on Manage Attachments in the Attach Files section. Click the Browse button, locate the file, then click on the Open button. In the Upload File from your Computer section click on the Upload button. Wait until it finishes uploading then close the window. Then click Submit Reply.
03 Aug 2013   #3
Microsoft MVP

Windows 7 Ultimate 32bit SP1

Sounds like it might possibly be WAT (antipiracy update) took place. Did you recently add new hardware?

03 Aug 2013   #4

Windows7 32bit

Quote: Originally Posted by Jacee
Sounds like it might possibly be WAT (antipiracy update) took place. Did you recently add new hardware?

NO, no hardware or software installed.

There was this scripting error in my browser which NoScript didn't pick up and then something started getting installed on my hard drive as TrustedInstaller became activated and at 11:23AM something got installed in my system32 directory. Of course, it might be easier just to do a restore. But if MS is pushing something out then it wouldn't be detected by AV software. Time to start using a sandbox.

OK, here are the files. At 11:23 or thereabouts something was installed in my system32 directory. After that SearchIndexer and SearchProtocolHost ramped up big time.


Attached Files
File Type: txt FRST.txt (29.9 KB, 4 views)
File Type: txt Addition.txt (250.4 KB, 2 views)
03 Aug 2013   #5

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit

<==== Download Link

<==== Download Link

Click on one of the links above that goes with your Windows 7 bit versions

Save to the Desktop.

Close all windows and browsers

Right click on and choose

Press: SCAN

provide the RKreport.txt (Mode: Scan) in your reply.
03 Aug 2013   #6
Microsoft MVP

Windows 7 Ult. x64

Is the Reliability Monitor folder. Sounds like the data store was updated. Is your Windows 7 installation updated?
03 Aug 2013   #7

Windows7 32bit

Well, it went over to my laptop and did something over there at the same time. My Windows Update window on my laptop shows last successful update was on 7/23, yet my events log on my laptop shows Windows was successfully updated 8/03, but then it rebooted my laptop and was receiving HomeGroup Provider Service not found, which it would as you have to log into my laptop.

My windows updates are set to notify only!!

What makes me angry is the fact that I don't know if this is MS and if so why is it done in such a silent manner? Where is the explanation? What's the purpose between MS Security Updates and these silent updates? Why would TrustedInstaller then go out and search my other computers on the network? Why didn't WinPatrol pick it up or even how could it even install bypassing my UAC set to always notify if software is being installed on my computer without my interaction? What's the purpose of setting to Notify Only but not download? How could it get past my firewall set to always block incoming unless authorized by me?
03 Aug 2013   #8

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit

Farbar Service Scanner

Click here Farbar Service Scanner to DOWNLOAD

Place the file onto your desktop

Right click on FSS.exe select

Place a check mark next to the following options
  • ⬜ Internet Services
  • ⬜ Windows Firewall
  • ⬜ System Restore
  • ⬜ Security Center
  • ⬜ Windows Update
  • ⬜ Windows Defender

Press the Scan button

Farbar Service Scanner will create a log, called FSS.txt, on the Desktop. Upload the FSS.txt with your reply
03 Aug 2013   #9
Microsoft MVP

Windows 7 Ultimate 32bit SP1

Okay, I see "SearchScopes" .... not good. Web Search Bar Search Scope Monitor -->Adware.

Download AdWareCleaner AdwCleaner Download
or from here Téléchargements - Outils de Xplode - AdwCleaner
to your desktop
1. Right-click on adwcleaner.exe and select Run As Administrator to launch the application.
2. Click on Delete button.
3. Confirm each time with OK.
4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.
Note: You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
03 Aug 2013   #10

Windows7 32bit

Ok, these are the two reports. In Rogue, I have policies set in WinPatrol to prevent changes to registry tools and that is the reason for showing up there. I don't see anything suspicious.

Does anyone know if MS pushes silent updates for changes to Windows7 code outside of automatic updates?

These reports are from my desktop. My laptop is so messed up, I'm just going to reimage the system partition.

I appreciate all your help and suggestions! The fact that it was able to bypass the router firewall and the other one on my laptop, it's got to be MS.

Attached Files
File Type: txt RKreport[0]_S_08032013_191147.txt (3.0 KB, 4 views)
File Type: txt FSS.txt (2.1 KB, 4 views)