1. #1

    Windows Update - 13978 - For BrianDrab

    @BrianDrab
    Windows Update Error 800070490 From last 1 week for KB3003743 & KB2992611
    Attached Files Attached Files


    • Ad Bot

      advertising
      Beep.

        
       

  2. #2
    Administrator
    Windows Update Instructor
    Security Analyst

    Join Date
    Oct 2014
    Posts
    17,162

    Re: Windows Update - 13978 - For BrianDrab

    I'm reviewing now. Thank you.

  3. #3
    Administrator
    Windows Update Instructor
    Security Analyst

    Join Date
    Oct 2014
    Posts
    17,162

    Re: Windows Update - 13978 - For BrianDrab

    - General Instructions -

    • Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
    • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
    • Any fixes provided by myself are for this log file only and should not be used on any other systems.
    • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
    • It's very likely that part of our cleanup will include emptying your recycle bin. If you use your recycle bin as an archive and do not wish this to be emptied, please let me know.
    • You have 4 days to reply to each post or the topic will be closed.
    • Please feel free to ask any questions, especially if you are having problems with my instructions.


    - Save ALL Tools to your Desktop-
    All tools that I have you download should be placed on the desktop unless otherwise stated.


    - Finally Before We Start-

    Removing malware is a complicated multiple step process, Please stay with me until I have declared your system clean. I strongly recommend you backup your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.


    OK, let's get started.

    Step#1 - Warnings
    The Dangers of P2P Programs
    IMPORTANT: I noticed that you have a P2P (Peer to Peer) file sharing program on your computer. I cannot stress highly enough the danger in using these types of programs. P2P programs are one of the major avenues of infection these days. The files downloaded with these programs are more than likely infected with trojans, malware, rootkits, etc.
    You run the risk of getting an infection that can compromise your sensitive data, such as financial records, personal information, etc. That is just the infection aspect of using P2P programs. You also run the risk of possible arrest, fines, or in severe cases, jail time for illegal downloading of copyrighted material.

    Here are some information sources about the dangers of P2P programs:
    FBI - Peer to Peer Scams
    USA Today Artticle on P2P Programs
    File Sharing Infects 500,000 Computers

    I very much recommend you uninstall this program from your machine. If not, you will likely be back needing help with your machine again. The risks of infections from content downloaded with P2P programs far outweigh any benefit of using them.

    It is, of course, your choice as to whether or not you remove the program from your machine. It is my duty though, to point out how dangerous it is to use these programs. However, I must request that you do not use it while we are cleaning your machine.

    Please uninstall (or at the very least don't use while we fix your machine) the following Peer-to-Peer program(s): uTorrent


    CCleaner
    I see that you have CCleaner installed. This is indeed a good product but I wanted to caution you on running the registry cleaning functionality of the tool. Please avoid this as it can do more harm than good. Following are a couple informative links on why not to use them.
    Answers to common security questions - Best Practices - Anti-Virus and Anti-Malware Software
    miekiemoes' Blog: Registry Cleaners and System Tweaking Tools


    Step#2 - Uninstalls
    Please uninstall the following programs one at a time. Instructions for doing so are here.
    If any of the programs give you an error during the uninstall, notate it and move on to the next one. Just let me know which ones had issues. If you are asked to reboot, answer No until all the programs have been uninstalled and then you can reboot. All of these programs are either outdated, malware/adware, have a bad reputation or are not recommended. If you absolutely must have one of them I suggest that you wait until you are declared clean before reinstalling.

    Driver Booster 2.3 <---- (Optional however the vendor is untrustworthy and deemed a rogue within the Anti-Malware community as a whole.
    Kaspersky Internet Security - Since we are having issues with this and BSOD please uninstall.
    Speccy - It's a good program but currently causing issues. I would uninstall until we fix all issues. If you want to re-install after that, it's fine.


    Step#3 - Install MSE
    After you have uninstalled Kaspersky Internet Security, it's important that we also run the manual removal tool to ensure all remnants are gone. Otherwise we may still get the BSOD issues.
    1. Download the tool from here and save to your desktop.
    2. Go ahead and run the tool to ensure everything is removed.
    3. Once this is done, please install Microsoft Security Essentials from here. We don't want to leave the machine unprotected.

    Step#4 - FRST Fix
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
    1. Download attached file and save it to the Desktop.
    Note. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
    2. Run FRST by Right-Clicking on the file and choosing Run as administrator.
    3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    4. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

    Step#5 - AdWCleaner
    1. Please download AdwCleaner by Xplode onto your desktop.
    2. Close all open programs and internet browsers.
    3. Right-click on AdwCleaner.exe and select Run as administrator to run the tool.
    4. Click on Scan.
    5. After the scan is complete click on "Clean"
    6. Confirm each time with Ok.
    7. Your computer will be rebooted automatically. A text file will open after the restart.
    8. Please post the content of that logfile with your next answer.
    9. If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.

    Step#6 - Fresh Set of Logs
    1. Right click on FRST.exe and select Run as administrator. When the tool opens click Yes to disclaimer.
    2. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
    3. Press Scan button.
    4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
    5. Please copy and paste log back here.
    6. Because you selected the Addition.txt check box this log will be created as well. Please copy and paste this log as well.



    Items for your next post
    1. FRST Fix Log
    2. AdwCleaner Log
    3. Fresh FRST and Addition logs
    Attached Files Attached Files
    xYagneshx says thanks for this.

  4. #4

    Re: Windows Update - 13978 - For BrianDrab

    thanks for helping me so far before i try your instruction i want to make sure i get backup of virus logs

    so here what i do so far

    i tried to do normal boot
    malwarebytes working it gives me log that can help what PUP programs it removed
    Malwarebytes PUP log.txt

    Kaspersky fail to start it service i tried to maul start it even regedit to create that key but all fail tried to search on their forums REINSTALL IS ONLY SOLUTION
    Windows Update - 13978 - For BrianDrab-kas-jpg

    so i used there getsysinfo by kaspersky to collect logs you can see that log online here HOPE IT HELPS
    http://www.getsysteminfo.com/read.ph...5&key=ABM2odQk
    GetSystemInfo_DEVDATT-PC_Devdatt_2015_05_04_14_17_39.zip


    Owner used that PUP Softwares with Revo uninstall so i got some usefull info from that folder too attached SS of PUP Softwares Windows Update - 13978 - For BrianDrab-pup-jpg

    Also here one tutorial that i found surfing arround maybe can apply as we able to install update ones
    Windows Update - Fix a Repeatedly Offered Update - Windows 7 Help Forums

    SO NOW

    I WILL UNINSTALL WHAT YOU TELL AND WILL TRY FRT

    and yes there is some problem in Specy's latest build i try to run in it two pcs and only run after then not run

    not sure which uninstaller should i use so i think i will use REvo

    WILL UPDATE HOW IT GOES SRY FOR LATE RESPONSE

  5. #5
    Administrator
    Windows Update Instructor
    Security Analyst

    Join Date
    Oct 2014
    Posts
    17,162

    Re: Windows Update - 13978 - For BrianDrab

    Thanks for the information. Let me know how it goes. We still need to uninstall Kaspersky. Not sure if you were trying to avoid this or not.

  6. #6

    Re: Windows Update - 13978 - For BrianDrab

    Quote Originally Posted by BrianDrab View Post
    Thanks for the information. Let me know how it goes. We still need to uninstall Kaspersky. Not sure if you were trying to avoid this or not.
    I already uninstalled all softs you told+ malwarebytes

    But currently Ms Av giving fail to update database tried to times to update it

    Even real time protection is off

    Just restarted pc trying again

  7. #7

    Re: Windows Update - 13978 - For BrianDrab

    after tried 4 times MSE did updated and i did quick scan no virus found

    i just tried FRT with fix script it removed virus entries but

    YOU NEVER TOLD ME THAT IT WILL DELETE MY BROWSING HISTORY

    NVM now trying step 5

    i already uninstalled chrome with revo will install it after end of this

    Code:
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-05-2015
    Ran by Devdatt at 2015-05-04 20:46:27 Run:4
    Running from C:\Users\Devdatt\Desktop
    Loaded Profiles: Devdatt (Available profiles: Devdatt)
    Boot Mode: Normal
    
    
    ==============================================
    
    
    Content of fixlist:
    *****************
    CreateRestorePoint:
    Task: {4DA4741D-325B-4DD8-8348-997C216C7C24} - \Binkiland tori No Task File <==== ATTENTION
    Task: {944E2DF7-BFA8-4BB5-80CF-27B255FE2200} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe <==== ATTENTION
    cmd: winmgmt /verifyrepository
    file: C:\WINDOWS\SYSTEM32\WBEM\EN-US\AACLIENT.MFL
    file: C:\WINDOWS\SYSTEM32\WBEM\AACLIENT.MOF
    file: C:\WINDOWS\SYSTEM32\WBEM\EN-US\AACLIENT.MFL
    file: C:\WINDOWS\SYSTEM32\WBEM\AACLIENT.MOF
    CHR StartupUrls: Default -> "hxxp://binkiland.com/?f=7&a=bnk_md_15_06&cd=2XzuyEtN2Y1L1Qzu0D0EzzyD0D0EtCyDyD0EzzyB0DtD0BtDtN0D0Tzu0StCtCtAtDtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDtDyCtB0DyCzyyEtG0DtByB0DtGzz0CyD0BtGtAtB0CyDtGtDtAtB0BtDyByE0B0A0B0E0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0A0D0BtDyC0EyEtGzzzyyEyCtGyE0CyDzytGzy0C0AtDtGtByC0CyC0AyBtByCtAtCtBtC2Q&cr=1314527656&ir="
    cmd: C:\Windows\System32\WBEM\mofcomp C:\WINDOWS\SYSTEM32\WBEM\EN-US\AACLIENT.MFL
    cmd: C:\Windows\System32\WBEM\mofcomp C:\WINDOWS\SYSTEM32\WBEM\AACLIENT.MOF
    cmd: C:\Windows\System32\WBEM\mofcomp C:\WINDOWS\SYSTEM32\WBEM\EN-US\AACLIENT.MFL
    cmd: C:\Windows\System32\WBEM\mofcomp C:\WINDOWS\SYSTEM32\WBEM\AACLIENT.MOF
    Cmd: wevtutil cl application
    Cmd: wevtutil cl system
    Cmd: wevtutil cl security
    EmptyTemp:
    
    
    
    
    *****************
    
    
    Restore point was successfully created.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4DA4741D-325B-4DD8-8348-997C216C7C24}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4DA4741D-325B-4DD8-8348-997C216C7C24}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Binkiland tori" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{944E2DF7-BFA8-4BB5-80CF-27B255FE2200}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{944E2DF7-BFA8-4BB5-80CF-27B255FE2200}" => Key deleted successfully.
    C:\Windows\System32\Tasks\Reimage Reminder => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Reimage Reminder" => Key deleted successfully.
    
    
    =========  winmgmt /verifyrepository =========
    
    
    WMI repository is consistent
    
    
    ========= End of CMD: =========
    
    
    
    
    ========================= file: C:\WINDOWS\SYSTEM32\WBEM\EN-US\AACLIENT.MFL ========================
    
    
    "C:\WINDOWS\SYSTEM32\WBEM\EN-US\AACLIENT.MFL" not found.
    ====== End Of File: ======
    
    
    
    
    ========================= file: C:\WINDOWS\SYSTEM32\WBEM\AACLIENT.MOF ========================
    
    
    "C:\WINDOWS\SYSTEM32\WBEM\AACLIENT.MOF" not found.
    ====== End Of File: ======
    
    
    
    
    ========================= file: C:\WINDOWS\SYSTEM32\WBEM\EN-US\AACLIENT.MFL ========================
    
    
    "C:\WINDOWS\SYSTEM32\WBEM\EN-US\AACLIENT.MFL" not found.
    ====== End Of File: ======
    
    
    
    
    ========================= file: C:\WINDOWS\SYSTEM32\WBEM\AACLIENT.MOF ========================
    
    
    "C:\WINDOWS\SYSTEM32\WBEM\AACLIENT.MOF" not found.
    ====== End Of File: ======
    
    
    Chrome StartupUrls deleted successfully.
    
    
    =========  C:\Windows\System32\WBEM\mofcomp C:\WINDOWS\SYSTEM32\WBEM\EN-US\AACLIENT.MFL =========
    
    
    Microsoft (R) MOF Compiler Version 6.2.9200.16398
    Copyright (c) Microsoft Corp. 1997-2006. All rights reserved.
    File 'C:\WINDOWS\SYSTEM32\WBEM\EN-US\AACLIENT.MFL' not found!
    
    
    ========= End of CMD: =========
    
    
    
    
    =========  C:\Windows\System32\WBEM\mofcomp C:\WINDOWS\SYSTEM32\WBEM\AACLIENT.MOF =========
    
    
    Microsoft (R) MOF Compiler Version 6.2.9200.16398
    Copyright (c) Microsoft Corp. 1997-2006. All rights reserved.
    File 'C:\WINDOWS\SYSTEM32\WBEM\AACLIENT.MOF' not found!
    
    
    ========= End of CMD: =========
    
    
    
    
    =========  C:\Windows\System32\WBEM\mofcomp C:\WINDOWS\SYSTEM32\WBEM\EN-US\AACLIENT.MFL =========
    
    
    Microsoft (R) MOF Compiler Version 6.2.9200.16398
    Copyright (c) Microsoft Corp. 1997-2006. All rights reserved.
    File 'C:\WINDOWS\SYSTEM32\WBEM\EN-US\AACLIENT.MFL' not found!
    
    
    ========= End of CMD: =========
    
    
    
    
    =========  C:\Windows\System32\WBEM\mofcomp C:\WINDOWS\SYSTEM32\WBEM\AACLIENT.MOF =========
    
    
    Microsoft (R) MOF Compiler Version 6.2.9200.16398
    Copyright (c) Microsoft Corp. 1997-2006. All rights reserved.
    File 'C:\WINDOWS\SYSTEM32\WBEM\AACLIENT.MOF' not found!
    
    
    ========= End of CMD: =========
    
    
    
    
    =========  wevtutil cl application =========
    
    
    
    
    ========= End of CMD: =========
    
    
    
    
    =========  wevtutil cl system =========
    
    
    
    
    ========= End of CMD: =========
    
    
    
    
    =========  wevtutil cl security =========
    
    
    
    
    ========= End of CMD: =========
    
    
    EmptyTemp: => Removed 2.7 GB temporary data.
    
    
    
    
    The system needed a reboot. 
    
    
    ==== End of Fixlog 20:49:06 ====
    Attached Thumbnails Attached Thumbnails Windows Update - 13978 - For BrianDrab-chrome-error-jpg  
    Attached Files Attached Files

  8. #8

    Re: Windows Update - 13978 - For BrianDrab

    Here is logs
    Attached Files Attached Files

  9. #9
    Administrator
    Windows Update Instructor
    Security Analyst

    Join Date
    Oct 2014
    Posts
    17,162

    Re: Windows Update - 13978 - For BrianDrab

    YOU NEVER TOLD ME THAT IT WILL DELETE MY BROWSING HISTORY

    NVM now trying step 5

    i already uninstalled chrome with revo will install it after end of this
    You are correct and I apologize. I've done this over 100 times and never had an issue but I see it can be important to some so I'll adjust my information accordingly going forward. We can take a look to see if there is a backup but before we do can you tell me why you uninstalled Chrome and then re-installed it?

  10. #10

    Re: Windows Update - 13978 - For BrianDrab

    Quote Originally Posted by BrianDrab View Post
    YOU NEVER TOLD ME THAT IT WILL DELETE MY BROWSING HISTORY

    NVM now trying step 5

    i already uninstalled chrome with revo will install it after end of this
    You are correct and I apologize. I've done this over 100 times and never had an issue but I see it can be important to some so I'll adjust my information accordingly going forward. We can take a look to see if there is a backup but before we do can you tell me why you uninstalled Chrome and then re-installed it?
    i not reinstalled it yet will do after you approve system as clean

    and i did tab.bz my all working tabs so no problem

    + chrome sync was ON so whenever owner [MY DAD ]will sing in again there will be no problem

    do you analysed logs ?

  11. #11
    Administrator
    Windows Update Instructor
    Security Analyst

    Join Date
    Oct 2014
    Posts
    17,162

    Re: Windows Update - 13978 - For BrianDrab

    Yes, everything looks good and we are clean here. I'll mark this solved and we can continue on the other thread. You should no longer get any blue screen issues.

    Thanks.

  12. #12
    Administrator
    Windows Update Instructor
    Security Analyst

    Join Date
    Oct 2014
    Posts
    17,162

    Re: Windows Update - 13978 - For BrianDrab

    Time to clean up our tools.

    1. Clean Up!
    We need to remove all the tools that we used so that should you ever be re-infected, you will download updated versions which may have updated detection logic.
    1. Download Delfix from here.
    2. Ensure everything is checked.
    3. Click Run.
    Note: The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.
    xYagneshx says thanks for this.

  13. #13

    Re: Windows Update - 13978 - For BrianDrab

    # DelFix v1.010 - Logfile created 04/05/2015 at 23:09:32
    # Updated 26/04/2015 by Xplode
    # Username : Devdatt - DEVDATT-PC
    # Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)


    ~ Removing disinfection tools ...


    Deleted : C:\FRST
    Deleted : C:\AdwCleaner
    Deleted : C:\Users\Devdatt\Desktop\Addition.txt
    Deleted : C:\Users\Devdatt\Desktop\Fixlog.txt
    Deleted : C:\Users\Devdatt\Desktop\FRST.exe
    Deleted : C:\Users\Devdatt\Desktop\FRST.txt
    Deleted : HKLM\SOFTWARE\AdwCleaner


    ~ Creating registry backup ... OK


    ########## - EOF - ##########
    Attached Files Attached Files

Log in

Log in