Windows 7 wierd Micosoft update valid

Page 1 of 2 12 LastLast

  1. Posts : 7
    Windows7 32bit
       #1

    Windows 7 wierd Micosoft update valid


    I have Windows 7 32bit. I have Windows Update set to notify only. I have great AV real protection software running but something wierd just happened.

    I was on Ebay using Firefox and suddenly the browser froze and message that a script was trying to run click yes or no. I click no as I have NoScript installed along with host of other protective browser software. Then my computer started cranking away and in process explorer Trusted Installer was active. It was installing something to my hard drive.

    I found out that what ever it was wrote to Licenses C:\program data; state data C:\ProgramData\Microsoft\RAC; and to RacMetaData.dat. RacWmiDatabase, RacWmiDataBookmarks.dat
    2013/08/03 12:48:50 -0700 MESSAGE Starting database refresh
    2013/08/03 12:48:50 -0700 MESSAGE Stopping IP protection
    2013/08/03 12:48:51 -0700 MESSAGE IP Protection stopped successfully
    2013/08/03 12:49:08 -0700 MESSAGE Database refreshed successfully
    2013/08/03 12:49:08 -0700 MESSAGE Starting IP protection
    2013/08/03 12:49:11 -0700 MESSAGE IP Protection started successfully

    What was so annoying is that my desktop is on ethernet. It then went out to my router via wireless and installed software on there as well and shutdown my laptop.

    It pisses me off as it didn't give me a choice and UAC is set at the highest level ALWAYS notify when installing software. I assume that would key off of TrustedInstaller

    The same thing happened when Microsoft installed 9 api-ms-win-downlevel-*dll's without my permission. Even WinPatol didn't alert.

    Now with all this stuff about MS and the NSA, I am spooked what is in this database and are they collecting information? What made them look at other devices networked to my router and pushed it out to other devices as well?

    I thought I activated some malicious script in my browser because this sequence occurred at the same time as the non-responsive script error message. Running Malwarebytes and Avira came up with no detections.

    Any ideas or suggestions?
      My Computer


  2. Posts : 6,830
    Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
       #2

    Run Farbar Recovery Scan Tool


    32-bit Version OS Farbar Recovery Scan Tool <==== Download Link

    Drag the FRST.exe from the Downloads folder to your Desktop

    Right click on FRST.exe and choose

    When the tool opens click Yes on the disclaimer window .
    Press Scan button.


    Please upload both logs in your reply.(FRST.txt and Addition.txt)

    FRST.txt and Addition.txt will be on the Desktop

    Upload a File
    Click on the Go Advanced button under the Message box . Scroll down to Additional Options then click on Manage Attachments in the Attach Files sections . Click the Browse button locate the file then click on the Open button . In the Upload File from your Computer section click on the Upload button . Wait until it finishes uploading then close the window . Then click Submit Reply .
      My Computer


  3. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #3

    Sounds like it might possibly be WAT (antipiracy update) took place. Did you recently add new hardware?
      My Computer


  4. Posts : 7
    Windows7 32bit
    Thread Starter
       #4

    Jacee said:
    Sounds like it might possibly be WAT (antipiracy update) took place. Did you recently add new hardware?
    NO, no hardware or software installed

    There was this scripting error in my browser which NoScript didn't pick up and then something started getting install on my hard drive as TrustedInstaller became activated and at 11:23AM something got installed in my system32 directory. Of course, it might be easier just to do a restore. But if MS is pushing something out then it wouldn't be detected by AV software. Time to start using a sandox.

    OK here are the files at 11:23 or there abouts something was installed in my system32 directory. After that SearchIndexer and SearchProtocolHost ramped up big time.

    THX
    Windows 7 wierd Micosoft update valid Attached Files
      My Computer


  5. Posts : 6,830
    Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
       #5

    <==== Download Link


    <==== Download Link

    Click on one of the links above that goes with your Windows 7 bit versions

    Save to the Desktop.

    Close all windows and browsers

    Right click on and choose

    Press: SCAN

    provide the RKreport.txt (Mode: Scan) in your reply.
      My Computer


  6. Posts : 19,383
    Windows 10 Pro x64 ; Xubuntu x64
       #6

    Code:
    C:\ProgramData\Microsoft\RAC
    Is the Reliability Monitor folder. Sounds like the data store was updated. Is your Windows 7 installation updated?
      My Computer


  7. Posts : 7
    Windows7 32bit
    Thread Starter
       #7

    Well, it went over to my laptop and did something over there at the same time. My windows update window on my laptop shows last successful update was on 7/23 yet in my events log on my laptop shows windows was successfully updated 8/03 but then it rebooted my laptop and was receiving HomeGroup Porvider Service not found which it would as you have to log into my laptop.

    My windows updates are set to notify only!!

    What makes me angry is the fact that I don't know if is this MS and if so why is done in such a silent manner? Where is the explanation? What's the purpose between MS Security Updates and these silent updates? Why would TrustedInstaller then go out and search my other computers on the network? Why didn't WinPatrol pick it up or even how could it even install bypassing my UAC set to always notify if software is being installed on my computer without my interaction? What's the purpose of setting to Notify Only but not download? How could it get pass my firewall set to always block incoming unless authorized by me?
      My Computer


  8. Posts : 6,830
    Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
       #8

    Farbar Service Scanner

    Click here Farbar Service Scanner to DOWNLOAD

    Place the file onto your desktop

    Right click on FSS.exe select

    Place a check mark next to the following options

    • ⬜ Internet Services
    • ⬜ Windows Firewall
    • ⬜ System Restore
    • ⬜ Security Center
    • ⬜ Windows Update
    • ⬜ Windows Defender


    Press the Scan button

    Farbar Service Scanner will create a log, called FSS.txt, on the Desktop. Upload the FSS.txt with your reply
      My Computer


  9. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #9

    Okay, I see "SearchScopes" .... not good. Web Search Bar Search Scope Monitor -->Adware.

    Download AdWareCleaner AdwCleaner Download
    or from here Téléchargements - Outils de Xplode - AdwCleaner
    to your desktop
    1.Right-click on adwcleaner.exe and select Run As Administrator to launch the application.
    2.Click on Delete button.
    3.Confirm each time with OK.

    4.Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.
    Note: You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
      My Computer


  10. Posts : 7
    Windows7 32bit
    Thread Starter
       #10

    Ok, these are the two reports. In Rogue, I have policies set in WinPatrol to prevent changes to registry tools and is the reason for showing up there. I don't see anything suspicious..

    Does anyone know if MS pushes silent updates for changes to Windows7 code outside of automatic updates?

    These reports are from my desktop. My laptop is so messed up, I'm just going to reimage the system partition.

    I appreciate all your help and suggestions! The fact that it was able to bypass the router firewall and the other one on my laptop, it's got to be MS.
    Windows 7 wierd Micosoft update valid Attached Files
      My Computer


 
Page 1 of 2 12 LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 04:07.
Find Us